Learn how to exploit a Stored XSS in the href attribute of an anchor in PortSwigger Lab. Step-by-step guide to execute JavaScript when clicking on the comment author's name when double quotes are HTML-encoded.
Explanation of the Clickjacking attack (UI redressing), how it works through invisible iframes to trick users into performing unauthorized actions, and how to protect against it using X-Frame-Options and Content Security Policy.
Complete review of INE Security's eWPT certification: web pentesting course, OWASP vulnerabilities, hands-on exam, and my experience as a Web Penetration Tester.
Learn how to exploit a Reflected XSS in an HTML attribute in PortSwigger Lab. Step-by-step guide to inject a malicious attribute that executes JavaScript when angle brackets are HTML-encoded.
If you like the content and want to support the project, you can buy me a coffee. Your support helps keep the site active and create more quality content.
Buy me a coffeeThanks for your support 🙏