Web Security


CSE 365 - Fall 2023

Exploit various web security vulnerabilities.


Lectures and Reading

Slides:

Recorded Lectures:

11/15/23 Web Security Pt. 1:



11/20/23 Web Security Pt. 2:



11/22/23 Web Security Pt. 3:



Documentation that can help with solving these challenges:

The excellent kanak (creator of pwn.college) has recorded lectures and slides from prior CSE 365 that might be useful:

Web Security: Introduction



Web Security: Structured Query Language



Web Security: Injection



Web Security: Same-Origin Policy




Challenges

Exploit a path traversal vulnerability

Exploit a command injection vulnerability

Exploit an authentication bypass vulnerability

Exploit a structured query language injection vulnerability to login

Exploit a structured query language injection vulnerability to leak data

Exploit a structured query language injection vulnerability with an unknown database structure

Exploit a structured query language injection vulnerability to blindly leak data

Exploit a cross site scripting vulnerability

Exploit a cross site scripting vulnerability with more complicated context

Exploit a cross site scripting vulnerability to cause a user action

Exploit a cross site request forgery vulnerability

Exploit a cross site request forgery vulnerability where the request must POST

Exploit a cross site scripting vulnerability to exfilitrate user session data

Exploit a cross site scripting vulnerability to exfilitrate user data


Ranking

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

Rank Hacker Badges Score