## https://sploitus.com/exploit?id=0D069637-4F9A-53CE-8E4A-9A3A465AFB4D
# Browser Exploitation Lab
A comprehensive, industry-ready web application designed for learning and practicing modern client-side and browser-based vulnerabilities. This lab serves as a portfolio piece demonstrating an understanding of secure coding practices and web exploitation techniques.
## Overview
The **Browser Exploitation Lab** provides a safe, containerized environment to practice exploiting common front-end security flaws. It features a premium, responsive dashboard and individual vulnerable scenarios (labs), complete with a mock backend.
## Included Vulnerabilities
1. **DOM-Based XSS**: Exploiting insecure sinks (`innerHTML`) using tainted sources (`location.hash`).
2. **Stored XSS**: Injecting persistent malicious scripts via community comment boards.
3. **CORS Misconfiguration**: Exploiting overly permissive Cross-Origin Resource Sharing headers for data exfiltration.
4. **Insecure postMessage**: Bypassing missing origin validations to execute arbitrary code via HTML5 messaging.
5. **Cross-Site Request Forgery (CSRF)**: Forcing an authenticated user to perform state-changing actions due to missing anti-CSRF tokens and insecure cookies.
6. **Client-Side Prototype Pollution**: Manipulating JavaScript Object prototypes via recursive merge functions to achieve DOM XSS and privilege escalation.
## Getting Started
### Prerequisites
- [Docker](https://docs.docker.com/get-docker/)
- [Docker Compose](https://docs.docker.com/compose/install/)
*(Alternatively, you can run it directly with Node.js `npm start`, but Docker is recommended).*
### Installation & Execution
1. **Clone the repository:**
```bash
git clone https://github.com/SANJAY222-R/Browser-exploitation-lab.git
cd Browser-exploitation-lab
```
2. **Run with Docker Compose:**
```bash
docker-compose up -d --build
```
3. **Access the Lab:**
Navigate to `http://localhost:3000` in your web browser.
## Disclaimer
> [!WARNING]
> This application is intentionally vulnerable. **Do not** deploy it to a production environment or expose it to the public internet. It is strictly for educational purposes and local testing.
## Author
Developed as a professional portfolio project demonstrating expertise in Application Security, Node.js, and Modern Web UI design.