43 Lab 1 OS command injection, simple case
46 Lab 4 Blind OS command injection with out-of-band interaction
45 Lab 3 Blind OS command injection with output redirection
42 Command Injection
41 Lab 4 CORS vulnerability with internal network pivot attack
39 Lab 2 CORS vulnerability with trusted null origin
40 Lab 3 CORS vulnerability with trusted insecure protocols
36 Lab 8 CSRF with broken Referer validation
37 Cross-Origin Resource Sharing (CORS)
38 Lab 1 CORS vulnerability with basic origin reflection
34 Lab 6 CSRF where token is duplicated in cookie
35 Lab 7 CSRF where Referer validation depends on header being present
33 Lab 5 CSRF where token is tied to non-session cookie
32 Lab 4 CSRF where token is not tied to user session
31 Lab 3 CSRF where token validation depends on token being present
30 Lab 2 CSRF where token validation depends on request method
29 Lab 1 CSRF vulnerability with no defenses
28 Cross-Site Request Forgery (CSRF)
27 Lab 7 Blind SSRF with Shellshock exploitation
24 Lab 4 SSRF with whitelist-based input filter
25 Lab 5 SSRF with filter bypass via open redirection vulnerability
26 Lab 6 Blind SSRF with out-of-band detection
23 Lab 3 SSRF with blacklist-based input filter
17 Lab 14 Blind SQL injection with time delays and information retrieval
22 Lab 2 Basic SSRF against another back-end system
20 Server-Side Request Forgery (SSRF)
21 Lab 1 Basic SSRF against the local server
19 Lab 16 Blind SQL injection with out of band data exfiltration
18 Lab 15 Blind SQL injection with out-of-band interaction
16 Lab 13 Blind SQL injection with time delays
15 Lab 12 Blind SQL injection with conditional errors
14 Lab 11 Blind SQL injection with conditional responses
13 Lab 10 SQL injection attack, listing the database contents on Oracle
12 Lab 9 SQL injection attack, listing the database contents on non
11 Lab 8 SQLi attack, querying the database type and version on MySQL &
10 Lab 7 SQL injection attack, querying the database type and version on
9 Lab 6 SQL injection UNION attack, retrieving multiple values in a
8 Lab 5 SQL injection UNION attack, retrieving data from other tables
7 Lab 4 SQL injection UNION attack, finding a column containing text
6 Lab 3 SQLi UNION attack determining the number of columns returned by
4 Lab 1 SQL injection vulnerability in WHERE clause allowing retrieval
3 SQL Injection
5 Lab 2 SQL injection vulnerability allowing login bypass
1 Introduction to the Web Security Academy Series