Implementing Tic Tac Toe with 170mb of HTML - no JS or CSS (portswigger.net)
HTML: best programming language confirmed
Exploiting XSS in hidden inputs and meta tags (portswigger.net)
Testing GraphQL APIs | Web Security Academy (portswigger.net)
Bypassing CSP via DOM clobbering (portswigger.net)
You might have found HTML injection, but unfortunately identified that the site is protected with CSP. All is not lost, it might be possible to bypass CSP using DOM clobbering, which you can now detect using DOM Invader! In this post we’ll show you how....
Stealing passwords from infosec Mastodon - without bypassing CSP (research) (portswigger.net)
The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP....
Stealing passwords from infosec Mastodon - without bypassing CSP (portswigger.net)
Write-up from Nov. 2022, but I figured this would be interesting to people on the fediverse
Attacking GraphQL APIs (portswigger.net)
In this section we'll look at how to test GraphQL APIs. GraphQL vulnerabilities generally arise due to implementation and design flaws. For example, the ...