Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Web Security Academy
  2. Essential skills
  3. Using Burp Scanner during manual testing
  4. Lab

Lab: Discovering vulnerabilities quickly with targeted scanning

PRACTITIONER

This lab contains a vulnerability that enables you to read arbitrary files from the server. To solve the lab, retrieve the contents of /etc/passwd within 10 minutes.

Due to the tight time limit, we recommend using Burp Scanner to help you. You can obviously scan the entire site to identify the vulnerability, but this might not leave you enough time to solve the lab. Instead, use your intuition to identify endpoints that are likely to be vulnerable, then try running a targeted scan on a specific request. Once Burp Scanner has identified an attack vector, you can use your own expertise to find a way to exploit it.

Access the lab

Solution

This lab is designed to help you learn how targeted scans can assist you with basic recon. As such, we will not be providing a step-by-step solution.

In this topic

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication OAuth authentication Business logic vulnerabilities Web cache poisoning HTTP Host header attacks WebSockets Information disclosure File upload vulnerabilities JWT attacks Essential skills Prototype pollution
Try Burp Suite for Free

Practice these skills using Burp Suite

Try for free

We’re going teetotal – It’s goodbye to The Daily Swig

02 March 2023 We’re going teetotal – It’s goodbye to The Daily Swig PortSwigger today announces that The Daily Swig is closing down

Bug Bounty Radar

The latest bug bounty programs for March 2023 28 February 2023 Bug Bounty Radar The latest bug bounty programs for March 2023

Indian gov flaws allowed creation of counterfeit driving licenses

28 February 2023 Indian gov flaws allowed creation of counterfeit driving licenses Armed with personal data fragments, a researcher could also access 185 million citizens’ PII

Password managers part II

A rough guide to enterprise secret platforms 27 February 2023 Password managers part II A rough guide to enterprise secret platforms

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here