Advanced XSS and CSRF Exploitation
Skills Assessment
You are tasked with performing a security assessment of a client's web application. The client's administrator recently attended a hardening workshop and applied some hardening measures; the client is now interested in the overall security of the web application. The client's highest priority is the confidentiality of the database, so exfiltrating data from it is a high-value target.
For the assessment, the client has granted you access to a low-privilege user: htb-stdnt:Academy_student!. Apply what you have learned in this module to obtain the flag.
Target:
- exfiltrate.htb
- exploitserver.htb
- vulnerablesite.htb
Authenticate to with user "htb-stdnt" and password "Academy_student!"