11.7.6 (Incomplete)

October 2, 2025

Find a readable database configuration and read the password. The user we exploited in the XSS was not an administrator of the application. Use the database password to elevate privileges of the "v...

11.6.5 (Incomplete)

October 2, 2025

Capture any pre-filled passwords the user has saved in their browser. Send the captured credentials to the API Server.

11.6.4 (Incomplete)

October 2, 2025

Add the ability to store credentials and any accessible cookies that are obtained from an XSS victim. Some cookies might contain the HttpOnly attribute, making them inaccessible from JavaScript. Ho...

11.6.2

October 2, 2025

Change the form of the fake login page to prevent the form from loading a new page. Currently, if a user submits their credentials in the fake login page, we will not capture it and the user will b...

10.3.5

October 2, 2025

Create a script to parse the results of the XXE attack and cleanly display the file contents.

10.2.4

October 2, 2025

Update the token generator program to accept the start and stop values as command line parameters.

« Prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 Next »