Preview Image

CSRF where token validation depends on request method

Laboratorio de Portswigger sobre CSRF

07/03/2025 Portswigger, CSRF

Preview Image

CSRF vulnerability with no defenses

Laboratorio de Portswigger sobre CSRF

07/03/2025 Portswigger, CSRF

Preview Image

Exploiting NoSQL operator injection to extract unknown fields

Laboratorio de Portswigger sobre NoSQLI

04/03/2025 Portswigger, NoSQLI

Preview Image

Exploiting NoSQL injection to extract data

Laboratorio de Portswigger sobre NoSQLI

03/03/2025 Portswigger, NoSQLI

Preview Image

Exploiting NoSQL operator injection to bypass authentication

Laboratorio de Portswigger sobre NoSQLI

02/03/2025 Portswigger, NoSQLI

Preview Image

Detecting NoSQL injection

Laboratorio de Portswigger sobre NoSQLI

01/03/2025 Portswigger, NoSQLI

Preview Image

Bypassing GraphQL brute force protections

Laboratorio de Portswigger sobre GraphQL API

28/02/2025 Portswigger, GraphQL API

Preview Image

Finding a hidden GraphQL endpoint

Laboratorio de Portswigger sobre GraphQL API

27/02/2025 Portswigger, GraphQL API

Preview Image

Accidental exposure of private GraphQL fields

Laboratorio de Portswigger sobre GraphQL API

26/02/2025 Portswigger, GraphQL API

Preview Image

Accessing private GraphQL posts

Laboratorio de Portswigger sobre GraphQL API

26/02/2025 Portswigger, GraphQL API