# PortSwigger Web Security Academy Lab Notes
This repository contains my personal lab notes and reports for the PortSwigger Web Security Academy. These notes document the exploitation process, payloads, and key takeaways for each lab I have solved.
The goal is to move beyond just solving the labs toward a deep understanding of the underlying vulnerabilities and exploitation techniques.
## Progress Summary
| Category | Solved |
| :--- | :--- |
| Cross-site scripting (XSS) | 6 |
| XML external entity (XXE) injection | 2 |
| Server-side request forgery (SSRF) | 5 |
| OS command injection | 3 |
| Server-side template injection (SSTI) | 7 |
| Path traversal | 6 |
| Access control vulnerabilities | 13 |
| Authentication | 5 |
| Web cache poisoning | 6 |
| HTTP Host header attacks | 2 |
| File upload vulnerabilities | 5 |
| JWT | 6 |
| API testing | 4 |
| **Total** | **70** |
## Directory Structure
The notes are organized by vulnerability category within the `portswigger/` directory.
- `portswigger/`
  - `[Category Name]/`
    - `Lab [Number] - [Title].md`
## Methodology
Each lab note follows a consistent structure:
- **Description:** A brief overview of the lab's objective.
- **Analysis:** An explanation of the vulnerability and the vulnerable code path.
- **Exploitation:** Step-by-step instructions on how the vulnerability was exploited.
- **Payload:** The final payload(s) used to solve the lab.
- **Takeaways:** Key security lessons and mitigation strategies.
---