Portswigger

BurpSuite安全实验室，靶场2022-07-15 19:32:34

推荐一个安全实验室，BurpSuite的。是在B站看deelmind视频时看到了。里面靶场很多，还有答案，用来练手很不错。 https://portswigger.net/web-security
Portswigger靶场XML外部实体注入（XXE）实验2022-05-23 01:03:45

Portswigger靶场XML外部实体注入（XXE）实验利用XXE外部实体检索文件 Exploiting XXE using external entities to retrieve files 靶场 exploiting-xxe-to-retrieve-files 说明 This lab has a "Check stock" feature that parses XML input and returns any unexpected values in t
Portswigger靶场SSRF实验2022-05-20 15:33:59

Portswigger靶场SSRF实验针对本地服务器的基础SSRF 靶场 basic-ssrf-against-localhost 说明 This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localho
portswigger靶场XSS攻击实验2022-05-14 01:03:52

portswigger靶场XSS攻击实验实验一、没有任何编码的反射型XSS 靶场 html-context-nothing-encoded 说明 This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack tha
portswigger靶场SQL注入实验2022-05-07 16:03:20

portswigger靶场SQL注入实验 SQL注入原理 SQL注入漏洞的形成原因是：用户输入被SQL解释器执行注入类型注入的两大类型数字型注入字符型注入按照请求方式分类 GET注入 POST注入 Cookie注入 HTTP header注入按照是否有回显分类显注盲注常见的注入手法报错注入报错注

ICode9

BurpSuite安全实验室，靶场2022-07-15 19:32:34

Portswigger靶场XML外部实体注入（XXE）实验2022-05-23 01:03:45

Portswigger靶场SSRF实验2022-05-20 15:33:59

portswigger靶场XSS攻击实验2022-05-14 01:03:52

portswigger靶场SQL注入实验2022-05-07 16:03:20