Tag feed

#portswigger

58 posts3 followers

Explore Hashnode

Alternatives

Trending tags this week

MBMouhamed Ben Abdallaherinmin-writeups.hashnode.devMay 12 · 8 min read

Unprotected Admin Functionality

Platform: PortSwigger Web Security Academy Category: Access Control / Vertical Privilege Escalation Difficulty: Apprentice Tool(s): Browser only Date: 12/05/2026 Overview This lab demonstrates a ver

0

MZMarcin Z Wawracybersecwaw.hashnode.devJan 27 · 4 min read

ISC2 Cybersecurity Certification vs TryHackMe and PortSwigger Training Labs: A Comparison

Entering cybersecurity today can feel overwhelming. Newcomers are often torn between formal certifications focused on theory (like the ISC2 Certified in Cybersecurity – CC) and hands-on platforms such as TryHackMe and PortSwigger Web Security Academy...

0

JJebitoksharonjebitok.comDec 12, 2025 · 7 min read

XSS - Merry XSSMas (TryHackMe) 🎉🧑‍🎄

Cross-Site Scripting (XSS) remains one of the most deceptive and flexible web vulnerabilities because it blurs the line between user input and executable code. A single unchecked text field can allow an attacker to rewrite what a user sees, steal inf...

0

JJimmex04jimmexploit.hashnode.devSep 5, 2025 · 17 min read

Asynchronous Python for Penetration Testing

Hi everyone, this doc is gonna be loooong so you might need to grab some coffee In penetration testing, speed can make all the difference (as soon as you’re not getting caught). The faster your scripts can send requests, gather responses, and process...

0

OJOhekpeje Joel Odeyjoelodey.hashnode.devAug 16, 2025 · 2 min read

Lab: HTTP/2 request splitting via CRLF injection

Our target is to exploit a hypothetical web application, simulating real-world scenarios. To demonstrate HTTP/2 request splitting, we will follow a step-by-step solution provided by the lab: Setup with Burp Suite: Start by sending a request for GET ...

0

BSBornov Shyam Kalitacipherslog.hashnode.devAug 10, 2025 · 3 min read

Cipher's Log #6: Precision Over Breadth

There was a time when I thought the best play was to touch everything.One day I’d poke at XSS, the next day IDOR, maybe SSRF if I was in the mood.It felt like I was moving fast — learning “a bit of everything” — but in reality, I was skimming the sur...

0

RRyangomberyangombe.hashnode.devJul 23, 2025 · 5 min read

Solving PortSwigger Labs: CORS vulnerability with trusted null origin

Introduction Cross-Origin Resource Sharing (CORS) vulnerabilities can take many forms, and one of the most interesting variants involves trusting the "null" origin. In this article, we'll explore the PortSwigger Web Security Academy lab "CORS vulnera...

0

RRyangomberyangombe.hashnode.devJul 23, 2025 · 4 min read

Solving Portswigger Labs: CORS vulnerability with basic origin reflection

Introduction Cross-Origin Resource Sharing (CORS) vulnerabilities represent a significant security risk when misconfigured. In this walkthrough, we'll explore PortSwigger's "CORS vulnerability with basic origin reflection" lab, demonstrating how impr...

0

SSpinmatchspinmatch24.comJul 11, 2025 · 4 min read

From Takeoff to Cashout: SpinMatch Aviator Tips for Real Wins

Strap in and get prepared for takeoff! The Aviator game on Spinmatch isn’t just a game; it’s a thrilling experience. One minute you're on cloud 9, and the next, you're regretting not cashing out. But don’t worry. That happens to all people at some t...

0

ASAyush Sharmabyteandbugs.hashnode.devMay 24, 2025 · 2 min read

Breaking Paths & Bypassing Filters: A Journey Through Path Traversal

Introduction Today, I'm sharing my hands-on adventure through a real-world lab from PortSwigger's Web Security Academy, where I successfully exploited a Path Traversal vulnerability to read the sensitive /etc/passwd file. If you've ever wondered how ...

0

#portswigger

Search Hashnode

#portswigger

Explore Hashnode

Trending tags this week

Unprotected Admin Functionality

ISC2 Cybersecurity Certification vs TryHackMe and PortSwigger Training Labs: A Comparison

XSS - Merry XSSMas (TryHackMe) 🎉🧑‍🎄

Asynchronous Python for Penetration Testing

Lab: HTTP/2 request splitting via CRLF injection

Cipher's Log #6: Precision Over Breadth

Solving PortSwigger Labs: CORS vulnerability with trusted null origin

Solving Portswigger Labs: CORS vulnerability with basic origin reflection

From Takeoff to Cashout: SpinMatch Aviator Tips for Real Wins

Breaking Paths & Bypassing Filters: A Journey Through Path Traversal