Web Security Academy Solutions
CtrlK
  • Server-Side Topics
    • NoSQL Injection
      • Lab: Detecting NoSQL injection
      • Lab: Exploiting NoSQL operator injection to bypass authentication
      • Lab: Exploiting NoSQL injection to extract data
      • Lab: Exploiting NoSQL operator injection to extract unknown fields
    • Race Conditions
      • Lab: Limit overrun race conditions
      • Lab: Bypassing rate limits via race conditions
      • Lab: Multi endpoint race conditions
      • Lab: Single endpoint race conditions
      • Lab: Partial construction race conditions
      • Lab: Exploiting time sensitive vulnerabilities
    • Web Cache Deception
      • Lab: Exploiting path mapping for web cache deception
      • Lab: Exploiting path delimiters for web cache deception
      • Lab: Exploiting origin server normalization for web cache deception
      • Lab: Exploiting cache server normalization for web cache deception
      • Lab: Exploiting exact match cache rules for web cache deception
    • API Testing
      • Lab: Exploiting an API endpoint using documentation
      • Lab: Finding and exploiting an unused API endpoint
      • Lab: Exploiting a mass assignment vulnerability
      • Lab Exploiting server side parameter pollution in a query string
      • Lab: Exploiting server side parameter pollution in a REST URL
  • Advanced Topics
    • Web LLM attacks
      • Lab: Exploiting LLM APIs with excessive agency
      • Lab: Exploiting vulnerabilities in LLM APIs
      • Lab: Indirect prompt injection
      • Lab: Exploiting insecure output handling in LLMs
    • GraphQL API Vulnerabilities
      • Lab: Accessing private GraphQL posts
      • Lab: Accidental exposure of private GraphQL fields
      • Lab: Finding a hidden GraphQL endpoint
      • Lab: Bypassing GraphQL brute force protections
      • Lab: Performing CSRF exploits over GraphQL
Powered by GitBook
On this page
  1. Server-Side Topics

Race Conditions

This section contains all walkthroughs of the topic Race Conditions.

Lab: Limit overrun race conditionsLab: Bypassing rate limits via race conditionsLab: Multi endpoint race conditionsLab: Single endpoint race conditionsLab: Partial construction race conditionsLab: Exploiting time sensitive vulnerabilities
PreviousLab: Exploiting NoSQL operator injection to extract unknown fieldsNextLab: Limit overrun race conditions