PortSwigger's "DOM XSS in jQuery selector sink using a hashchange event" Walkthrough
PortSwigger has added another Apprentice-level DOM-based XSS lab. Before we get started, you’ll need a PortSwigger Academy account. This blog post shows how to solve the lab manually.
After logging
PortSwigger's "Web shell upload via Content-Type restriction bypass" Walkthrough
This is the next of PortSwigger’s file upload labs. This one is only slightly more difficult because of a Content-Type check being performed by the server.
You’ll need Burp Suite set
PortSwigger's "Remote code execution via web shell upload" Walkthrough
This is a writeup for the first of PortSwigger’s file upload labs. This walkthrough is a simple shell upload with no additional restrictions.
For this walkthrough, you’ll need a PortSwigger Academy
PortSwigger's "Authentication bypass via OAuth implicit flow" Walkthrough
PortSwigger recently added a set of OAuth labs, and while most of them are Practitioner and Expert level, one has been created in the Apprentice category at the time of this writing. This
PortSwigger's "Clickjacking with a frame buster script" Walkthrough
This is the third of three Apprentice-level clickjacking labs from PortSwigger Academy. For this walkthrough, you’ll need a PortSwigger Academy account.
Log in to your Academy account and then view the lab