XSS Lab #9 - Reflected XSS into a JavaScript String with Angle Brackets HTML Encoded

Lab Description Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded This lab contains a reflected cross-site scripting vulnerability in the search query tracking function...

May 18, 2026 Web Security Academy, XSS

XSS Lab #10 - DOM XSS in document.write Sink Using source location.search Inside a Select Element

Lab Description Lab: DOM XSS in document.write sink using source location.search inside a select element This lab contains a DOM-based cross-site scripting vulnerability in the stock checker func...

May 18, 2026 Web Security Academy, XSS

Flag Command - HTB CTF Write-up

Challenge Overview Category: Web Security / API Exploitation Target: http://154.57.164.76:31023/ A whimsical, interactive text-based game where you wake up in a mysterious alien forest. Navigate ...

Apr 22, 2026 CTF, Web Security

Bucket - HTB

About Bucket “A port scan conducted with nmap reveals port 80 running an Apache server, with stored files pointing to an open S3 bucket. It’s possible to upload a PHP shell to the bucket to establ...

Feb 21, 2026 HackTheBox, Medium

SteamCloud - HTB

About SteamCloud A port scan conducted with nmap reveals specific Kubernetes and Kubelet ports running on the target. It is not possible to enumerate the Kubernetes API because it requires authent...

Jan 11, 2026 HackTheBox, Easy