CSTI - missing Angular reference and ng-app / changed utext to text to avoid XSS
GraphQL-Injections - missing jQuery 1.11.1
Credentials-guessing-1 - Added placeholder for username (all languages)
Credentials-guessing-2 - missing app on pom.xml
JWT-Null - changed host:port that was hardcoded on ajax call / missing jQuery 1.11.1
JWT-Secret - wrong credentials on index.html
IDOR - changed error msg to correct range (1-100)
csrf-samesite - removed flask warning
xss-dom - missing submit function
xss-dom-2 - missing jQuery 1.11.1
client-side-restriction-bypass - missing badge.svg / logic error on values
client-side-restriction-bypass-2 - db was not refreshing -> spring.sql.init.mode=always / fixed refresh page issue
csrf-samesite - db was not refreshing -> spring.sql.init.mode=always
CMD - fixed to work on hackOS
CMD4 - fixed to work on hackOS
SSTI - added lab
Write-ups
Added missing write-ups to summary and fixed path issues
fixed template.md
JWT-Null - fixed issue on step 1 (all languages)
JWT-Null - new screenshots for Java + fixes in payload
IDOR - new screenshots for Java + fixes
Graphql-IDOR - fixed typo on credentials (all languages)
CSRF - pip/python -> pip3/python3, localhost -> 0.0.0.0
Session-hijacking-XSS - pip/python -> pip3/python3 / write-up was missing from summary
Sqli - fixed last query (python/java)
CSSI - removed wrong text from reconnaissance / issue with last img (all languages)
Untrusted-sources-JS - changed server to serve js file to python flask
CSTI - added write-up for Java and new screenshots
CMD - Adapted write-up for Java using xcalc as PoC and new screenshots
CMD4 - fixed blacklist on Java write-up
CORS - fixed for Java and new screenshots
Fixes for Java labs