x0prc's notes

Tag: ps-wsa-labs

46 items with this tag.

Feb 03, 2026
CSRF where Referer validation depends on header being present
- ps-wsa-labs
- csrf
Feb 03, 2026
CSRF where token is duplicated in cookie
- ps-wsa-labs
- csrf
Feb 03, 2026
CSRF where token is not tied to user session
- ps-wsa-labs
- csrf
Feb 03, 2026
CSRF where token is tied to non-session cookie
- ps-wsa-labs
- csrf
Feb 03, 2026
CSRF where token validation depends on request method
- ps-wsa-labs
- csrf
Feb 03, 2026
CSRF where token validation depends on token being present
- ps-wsa-labs
- csrf
Feb 03, 2026
CSRF with broken Referer validation
- ps-wsa-labs
- csrf
Feb 03, 2026
CSRF with no defenses
- ps-wsa-labs
- csrf
Feb 03, 2026
CSRF
- ps-wsa-labs
- csrf
Feb 03, 2026
SameSite Lax bypass via cookie refresh
- ps-wsa-labs
- csrf
Feb 03, 2026
SameSite Lax bypass via method override
- ps-wsa-labs
- csrf
Feb 03, 2026
SameSite Strict bypass via client-side redirect
- ps-wsa-labs
- csrf
Feb 03, 2026
SameSite Strict bypass via sibling domain
- ps-wsa-labs
- csrf
Feb 03, 2026
PS WSA Labs
- ps-wsa-labs
Feb 03, 2026
Blind SQLi with conditional errors
- ps-wsa-labs
- sqli
Feb 03, 2026
Blind SQLi with conditional responses
- ps-wsa-labs
- sqli
Feb 03, 2026
Blind SQLi with out-of-band data exfiltration
- ps-wsa-labs
- sqli
Feb 03, 2026
Blind SQLi with out-of-band interaction
- ps-wsa-labs
- sqli
Feb 03, 2026
Determining the number of columns returned by the query
- ps-wsa-labs
- sqli
Feb 03, 2026
Finding a column containing text
- ps-wsa-labs
- sqli
Feb 03, 2026
Listing the database contents on Oracle
- ps-wsa-labs
- sqli
Feb 03, 2026
Listing the database contents on non-Oracle databases
- ps-wsa-labs
- sqli
Feb 03, 2026
Querying the database type and version on MySQL and Microsoft
- ps-wsa-labs
- sqli
Feb 03, 2026
Querying the database type and version on Oracle
- ps-wsa-labs
- sqli
Feb 03, 2026
Retrieving data from other tables
- ps-wsa-labs
- sqli
Feb 03, 2026
Retrieving multiple values in a single column
- ps-wsa-labs
- sqli
Feb 03, 2026
SQLi with filter bypass via XML encoding
- ps-wsa-labs
- sqli
Feb 03, 2026
SQLi
- ps-wsa-labs
- sqli
Feb 03, 2026
Visible error-based SQLi
- ps-wsa-labs
- sqli
Feb 03, 2026
Vulnerability allowing login bypass
- ps-wsa-labs
- sqli
Feb 03, 2026
Vulnerability in WHERE clause allowing retrieval of hidden data
- ps-wsa-labs
- sqli
Feb 03, 2026
RXSS in a JavaScript URL with some characters blocked
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS in canonical link tag
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS into HTML context with all tags blocked except custom ones
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS into HTML context with most tags and attributes blocked
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS into HTML context with nothing encoded
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS into a JavaScript string with single quote and backslash escaped
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS protected by CSP, with CSP bypass
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS with AngularJS sandbox escape and CSP
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS with AngularJS sandbox escape without strings
- ps-wsa-labs
- xss
Feb 03, 2026
RXSS with some SVG markup allowed
- ps-wsa-labs
- xss
Feb 03, 2026
Reflected DOM XSS
- ps-wsa-labs
- xss
Feb 03, 2026
Stored DOM XSS
- ps-wsa-labs
- xss
Feb 03, 2026
Stored XSS into HTML context with nothing encoded
- ps-wsa-labs
- xss
Feb 03, 2026
XSS
- ps-wsa-labs
- xss

Created with Quartz v4.5.2 © 2026

GitHub
Discord Community