اللابات الخاصه بدوره eWPTv2 من موقع TryHackMe وموقع PortSwigger
الطلاب اللي بيدرسو دوره الـ eWPT وعاوزين يطبقوا اللابات العملية لكن مش عاوزين يشتركو في لابات شركه INE .. دي تجميعه لابات تغطي جميع اجزاء الدوره من موقع TryHackMe و PortSwigger تقدر تحلها وانت بتزاكر الدوره او وانت بتجهز للاختبار
https://tryhackme.com/room/vulnerabilities101
https://tryhackme.com/room/injection
https://tryhackme.com/room/dvwa
https://tryhackme.com/room/webgoat
https://tryhackme.com/room/owasptop10
لابات ثغره SQL Injection
https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
https://portswigger.net/web-security/sql-injection/lab-login-bypass
https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns
https://portswigger.net/web-security/sql-injection/blind/lab-out-of-band-data-exfiltration
https://portswigger.net/web-security/sql-injection/blind/lab-out-of-band
https://portswigger.net/web-security/sql-injection/blind/lab-conditional-errors
https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses
https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables
لابات خاصه بثغره xss
Reflected XSS into HTML context with nothing encoded
Stored XSS into HTML context with nothing encoded
DOM XSS in document.write
sink using source location.search
DOM XSS in innerHTML
sink using source location.search
DOM XSS in jQuery anchor href
attribute sink using location.search
source
DOM XSS in jQuery selector sink using a hashchange event
Reflected XSS into attribute with angle brackets HTML-encoded
Stored XSS into anchor href
attribute with double quotes HTML-encoded
Reflected XSS into a JavaScript string with angle brackets HTML encoded
DOM XSS in document.write
sink using source location.search
inside a select element
DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
Reflected XSS into HTML context with most tags and attributes blocked
Reflected XSS into HTML context with all tags blocked except custom ones
Reflected XSS with some SVG markup allowed
Reflected XSS in canonical link tag
Reflected XSS into a JavaScript string with single quote and backslash escaped
Exploiting cross-site scripting to steal cookies
Exploiting cross-site scripting to capture passwords
Exploiting XSS to perform CSRF
Reflected XSS with AngularJS sandbox escape without strings
Reflected XSS with AngularJS sandbox escape and CSP
Reflected XSS with event handlers and href
attributes blocked
Reflected XSS in a JavaScript URL with some characters blocked
Reflected XSS protected by very strict CSP, with dangling markup attack
Reflected XSS protected by CSP, with CSP bypass
دي لابات مستويات متدرجه من السهل للمتوسط للصعب للمعقد جدا انا حطيت كل المستويات علشان تكون داخل الامتحان متطمن بدون اي قلق
الردود