Web Security Academy - Labs: #
Web LLM attacks #
Insecure deserialization #
- Exploiting PHP deserialization with a pre-built gadget chain
- Exploiting Java deserialization with Apache Commons
- Using application functionality to exploit insecure deserialization
- Arbitrary object injection in PHP
- Modifying serialized data types
- Exploiting Ruby deserialization using a documented gadget chain
File Path Traversal #
- [Absolute Path Bypass](/Web-Security-Academy-File-Path-Traversal Absolute-Path-Bypass)
SQL Injection #
Server-side request forgery (SSRF) #
Cross-site scripting #
last updated: