Share
## https://sploitus.com/exploit?id=3B448EB8-2E8A-5A12-AC36-890F075E6622
# PortSwigger Web Security Academy โ€” Lab Notes

Notes from completed PortSwigger Web Security Academy labs. Each write-up covers the vulnerability class, exploitation technique, payload breakdown, and remediation.

---

## Completed Labs

| Lab | Vulnerability Class | Difficulty |
|---|---|---|
| [SQL Injection UNION Attack](sql-injection-union-attack.md) | `sql-injection` `union-based` | Practitioner |
| [Reflected XSS โ€” HTML Context](reflected-xss-html-context.md) | `xss` `reflected` | Apprentice |
| [Authentication Bypass via Timing](authentication-bypass-timing.md) | `broken-auth` `timing-attack` `ip-bypass` | Practitioner |

---

## Tags

`#sql-injection` `#union-attack` `#xss` `#reflected-xss` `#broken-authentication`  
`#timing-side-channel` `#bcrypt` `#x-forwarded-for` `#burp-suite` `#owasp`

---

## Disclaimer

All labs documented here are from PortSwigger's intentionally vulnerable training environment. No real systems were tested. These notes are for educational purposes only.