eWPTv2 course labs from TryHackMe and PortSwigger

For students who are studying the eWPT course and want to practice on hands-on labs but do not want to subscribe to INE's labs: this is a collection of labs from TryHackMe and PortSwigger that covers all parts of the course. You can solve them while studying the course or while preparing for the exam.

https://tryhackme.com/room/vulnerabilities101

https://tryhackme.com/room/injection

https://tryhackme.com/room/dvwa

https://tryhackme.com/room/webgoat

https://tryhackme.com/room/owasptop10

SQL Injection labs

https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

https://portswigger.net/web-security/sql-injection/lab-login-bypass

https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-oracle

https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft

https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle

https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns

https://portswigger.net/web-security/sql-injection/lab-sql-injection-with-filter-bypass-via-xml-encoding

https://portswigger.net/web-security/sql-injection/blind/lab-out-of-band-data-exfiltration

https://portswigger.net/web-security/sql-injection/blind/lab-out-of-band

https://portswigger.net/web-security/sql-injection/blind/lab-conditional-errors

https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses

https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables

XSS labs

Reflected XSS into HTML context with nothing encoded

Stored XSS into HTML context with nothing encoded

DOM XSS in document.write sink using source location.search

DOM XSS in innerHTML sink using source location.search

DOM XSS in jQuery anchor href attribute sink using location.search source

DOM XSS in jQuery selector sink using a hashchange event

Reflected XSS into attribute with angle brackets HTML-encoded

Stored XSS into anchor href attribute with double quotes HTML-encoded

Reflected XSS into a JavaScript string with angle brackets HTML encoded

DOM XSS in document.write sink using source location.search inside a select element

DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded

Reflected DOM XSS

Stored DOM XSS

Reflected XSS into HTML context with most tags and attributes blocked

Reflected XSS into HTML context with all tags blocked except custom ones

Reflected XSS with some SVG markup allowed

Reflected XSS in canonical link tag

Reflected XSS into a JavaScript string with single quote and backslash escaped

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped

Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped

Exploiting cross-site scripting to steal cookies

Exploiting cross-site scripting to capture passwords

Exploiting XSS to perform CSRF

Reflected XSS with AngularJS sandbox escape without strings

Reflected XSS with AngularJS sandbox escape and CSP

Reflected XSS with event handlers and href attributes blocked

Reflected XSS in a JavaScript URL with some characters blocked

Reflected XSS protected by very strict CSP, with dangling markup attack

Reflected XSS protected by CSP, with CSP bypass

These labs are graded in difficulty, from easy to medium to hard to very complex. I included all the levels so that you go into the exam reassured, without any worry.
