This lab has a simple reflected XSS vulnerability. The site is blocking common tags but misses some SVG tags and events.
In this section, we'll look at some of the vulnerabilities that can occur in multi-factor authentication mechanisms. We've also provided several interactive labs to demonstrate how you can exploit ...
This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http ...
Ransomware attacks have experienced a resurgence, with recent attacks focused on international healthcare, local government, and education sectors, in particular. A ransomware cyber-attack occurs when ...
In this section, we'll explain cross-site WebSocket hijacking (CSWSH), describe the impact of a compromise, and spell out how to perform a cross-site WebSocket hijacking attack. Cross-site WebSocket ...
WordPress is the world’s most popular content management system (CMS) used to help build and administer websites. Over the years, there has been no shortage of concern surrounding WordPress security, ...
This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function. Practise ...
In some situations, an application that is vulnerable to SQL injection (SQLi) may implement various input filters that prevent you from exploiting the flaw without restrictions. For example, the ...
In this example, a shopping application lets the user view whether an item is in stock in a particular store. This information is accessed via a URL: https://insecure ...
The traditional way to prove that you've found a cross-site scripting vulnerability is to create a popup using the alert() function. This isn't because XSS has ...
Anti-CSRF tokens are randomly generated "challenge" tokens that are associated with the user’s current session. They are inserted within HTML forms and links associated with sensitive server-side ...