
Lab 3: Clickjacking with a frame buster script
1. Executive Summary Vulnerability: Clickjacking (Frame Buster Bypass). Description: The application attempts to protect itself from being framed by using a legacy client-side JavaScript “frame b...

1. Executive Summary Vulnerability: Clickjacking (UI Redressing) combined with Parameter Injection. Description: The application relies on CSRF tokens to protect the “Update email” functionality,...

1. Executive Summary Vulnerability: Clickjacking (UI Redressing). Description: The application relies entirely on CSRF (Cross-Site Request Forgery) tokens to protect state-changing actions like “...

1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) chained with Open Redirection. Description: The application features a stock checker that is strictly protected by a whiteli...

1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) via URL Parsing Inconsistencies. Description: The application attempts to secure its stock check feature by validating the u...

1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) with Weak Blacklist Defenses. Description: The application’s stock check feature accepts a user-controlled URL. The develope...

1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) targeting internal networks. Description: The application’s stock check feature accepts a user-controlled URL and fetches it...

1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF). Description: The application features a “stock check” function that fetches data from an internal system. The endpoint rece...

1. Executive Summary Vulnerability: JWT Signature Bypass (Insecure jwk Header Processing). Description: The JSON Web Token (JWT) specification allows for a jwk (JSON Web Key) parameter in the tok...

1. Executive Summary Vulnerability: Weak Cryptographic Key (Brute-Forceable HMAC). Description: The application signs JSON Web Tokens (JWT) using the HS256 algorithm (HMAC + SHA-256). This algori...