This lab demonstrates a stored DOM vulnerability in the blog comment functionality. To solve this lab, exploit this vulnerability to call the alert() function.
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response. The lab server is running a (simulated) EC2 metadata ...
XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which ...
If you’re looking for cross-site scripting attack news, The Daily Swig has all bases covered. Cross-site scripting (XSS) is a major attack vector in the web security sphere. While news about XSS ...
This lab contains a path traversal vulnerability in the display of product images. The application blocks input containing path traversal sequences. It then performs a URL-decode of the input before ...
This website has an unauthenticated admin panel at /admin, but a front-end system has been configured to block external access to that path. However, the back-end application is built on a framework ...
You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...
This lab implements access controls based partly on the HTTP method of requests. You can familiarize yourself with the admin panel by logging in using the credentials ...