Security-Research
Nov 14, 2025
SQLi Vulnerabilities: Lab 7: SQL injection attack, querying the database type and version on MySQL and Microsoft
Nov 14, 2025
SQLi Vulnerabilities: Lab 8: SQL injection attack, listing the database contents on non-Oracle databases
Nov 13, 2025
SQLi Vulnerabilities: Lab 4: SQL injection UNION attack, finding a column containing text
Nov 13, 2025
SQLi Vulnerabilities: Lab 5: SQL injection UNION attack, retrieving data from other tables
Nov 13, 2025
SQLi Vulnerabilities: Lab 6: SQL injection UNION attack, retrieving multiple values in a single column
Nov 12, 2025
SQLi Vulnerabilities: Lab 1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Nov 12, 2025
SQLi Vulnerabilities: Lab 2: SQL injection vulnerability allowing login bypass
Nov 12, 2025
SQLi Vulnerabilities: Lab 3: SQL injection UNION attack, determining the number of columns returned by the query
Nov 11, 2025
Authentication Vulnerabilities: Lab 12: Password brute-force via password change
Nov 10, 2025
Authentication Vulnerabilities: Lab 10: Password reset broken logic
Nov 10, 2025
Authentication Vulnerabilities: Lab 11: Password reset poisoning via middleware
Nov 10, 2025
Authentication Vulnerabilities: Lab 9: Offline password cracking after stealing user session cookie via XSS
Nov 7, 2025
Authentication Vulnerabilities: Lab 7: 2FA broken logic
Nov 7, 2025
Authentication Vulnerabilities: Lab 8: Brute-forcing a stay-logged-in cookie
Nov 6, 2025
Authentication Vulnerabilities: Lab 4: Broken brute-force protection, IP block
Nov 6, 2025
Authentication Vulnerabilities: Lab 5: Username enumeration via account lock
Nov 6, 2025
Authentication Vulnerabilities: Lab 6: 2FA simple bypass
Nov 5, 2025
Authentication Vulnerabilities: Lab 1: Username enumeration via different responses
Nov 5, 2025
Authentication Vulnerabilities: Lab 2: Username enumeration via subtly different responses
Nov 5, 2025
Authentication Vulnerabilities: Lab 3: Username enumeration via response timing
Oct 12, 2025
LLM APIs Lab 3: Indirect Prompt Injection
Oct 11, 2025
LLM APIs Lab 1: Guardrails & Consent Checks for Tool-Calling Models
Oct 11, 2025
LLM APIs Lab 2: OS Command Injection via Tool-Calling API
Oct 3, 2025
DOM XSS Lab 5: jQuery :contains() selector sink with location.hash source
Oct 1, 2025
DOM XSS Lab 4: jQuery anchor href sink with location.search source
Sep 30, 2025
DOM XSS Lab 3: Exploiting innerHTML with location.search in the Search Message
Sep 29, 2025
DOM XSS Lab 2: Exploiting document.write with location.search in Select Elements