This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data ...

This lab stores the user's password hash in a cookie. The lab also contains an XSS vulnerability in the comment functionality. To solve the lab, obtain Carlos's stay-logged-in cookie and use it to ...

Sensitive Data Exposure vulnerabilities can occur when a web application does not adequately protect sensitive information from being disclosed to attackers. This can include information such as ...

Adding authentication credentials for web app sites enables Burp Scanner to discover and audit content that is only accessible to authenticated users.

This lab demonstrates a stored DOM vulnerability in the blog comment functionality. To solve this lab, exploit this vulnerability to call the alert() function. Launching labs may take some time, ...

This lab involves a front-end and back-end server, and the front-end server doesn't support chunked encoding. The front-end server rejects requests that aren't using the GET or POST method. To solve ...

Phishing involves tricking a target into submitting their ID, password, or payment card data to an attacker. Login credentials for online banking, webmail, or e-commerce sites are among the potential ...

In this section, we'll describe client-side JSON injection as related to the DOM, look at how damaging such an attack could be, and suggest ways to reduce your exposure to this kind of vulnerability.

This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets and double are HTML encoded and single quotes are escaped. To solve ...

This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response. A script on ...

This lab has some account functionality that is protected by a CSRF token and also has a confirmation dialog to protect against Clickjacking. To solve this lab construct an attack that fools the user ...

This section describes how to generate Standard and Compliance reports. You can send scan summary reports automatically, by email.