| # | Lab Name | Level | Description | Detail |
|---|---|---|---|---|
| 1 | Path traversal (LFI) | 1 | Local File Inclusion (also known as LFI) is the process of inclu... | |
| 2 | Cross Site Scripting | 1 | Cross-Site Scripting (XSS) attacks are a type of injection, in w... | |
| 3 | Cross site scripting (attribute) | 1 | Cross-Site Scripting (XSS) attacks are a type of injection, in w... | |
| 4 | Cross site scripting (href) | 1 | Cross-Site Scripting (XSS) attacks are a type of injection, in w... | |
| 5 | Insecure file upload | 1 | Insecure File Upload vulnerabilities occur when web applications... | |
| 6 | Clickjacking | 1 | Clickjacking is a type of malicious trick that uses multiple tra... | |
| 7 | Rate-limiting | 1 | Rate-limiting is a technique used to limit the number of request... | |
| 8 | Open redirect | 1 | Open Redirect vulnerabilities occur when an application redirect... | |
| 9 | Formula injection | 1 | Formula Injection vulnerabilities occur when user input is embed... | |
| 10 | Mass assignment attack | 1 | Mass Assignment vulnerabilities occur when an application allows... | |
| 11 | Remote file inclusion | 1 | Remote File Inclusion (also known as RFI) is the process of incl... | |
| 12 | Local file inclusion ( harder ) | 1 | Local File Inclusion (also known as LFI) is the process of inclu... | |
| 13 | Local file inclusion ( hard ) | 1 | Local File Inclusion (also known as LFI) is the process of inclu... | |
| 14 | Content security policy | 1 | Content Security Policy (CSP) is an added layer of security that... | |
| 15 | Regex DoS | 1 | Regular Expression Denial of Service (ReDoS) is a Denial of Serv... | |
| 16 | Command injection | 1 | Command Injection vulnerabilities occur when user input is embed... | |
| 17 | Command injection ( easy ) | 1 | Command Injection vulnerabilities occur when user input is embed... | |
| 18 | Information disclosure 1 | 1 | Information Disclosure vulnerabilities occur when an application... | |
| 19 | Information disclosure 2 | 1 | Information Disclosure vulnerabilities occur when an application... | |
| 20 | Authentication bypass ( easy ) | 1 | Authentication Bypass vulnerabilities occur when an application ... | |
| 21 | Authentication bypass | 1 | Authentication Bypass vulnerabilities occur when an application ... | |
| 22 | Right to left override attack | 1 | Right-to-Left Override (RLO) is a Unicode attack that can be use... | |
| 23 | Client side restriction bypass | 1 | Client-Side Restriction Bypass vulnerabilities occur when an app... | |
| 24 | Confidential Document | 1 | Confidential Document is a document that contains sensitive info... | |
| 25 | DOM XSS | 1 | DOM-based Cross-Site Scripting (DOM XSS) attacks are a type of i... | |
| 26 | Error Handling | 1 | Error Handling vulnerabilities occur when an application does no... | |
| 27 | Outdated Whitelist | 1 | Outdated Whitelist vulnerabilities occur when an application doe... | |
| 28 | Privacy Policy | 1 | Privacy Policy is a document that contains information about how... | |
| 29 | Repetitive Registration | 1 | Repetitive Registration vulnerabilities occur when an applicatio... | |
| 30 | Score Board | 1 | Score Board is a document that contains information about the cu... | |
| 31 | Zero Stars | 1 | Zero Stars is a document that contains information about the cur... | |
| 32 | Missing Encoding | 1 | Missing Encoding vulnerabilities occur when an application does ... | |
| 33 | Exposed Metrics | 1 | Exposed Metrics vulnerabilities occur when an application expose... | |
| 67 | SQLI-blind | 3 | SQL Injection (SQLi) is a type of injection... | |
| 34 | Bonus Payload | 1 | Bonus Payload is a document that contains sensitive information ... | |
| 35 | XSSI | 2 | Cross-Site Script Inclusion (XSSI) is a type of injection... | |
| 36 | Cross site request forgery weak | 2 | Cross-Site Request Forgery (CSRF) is a type of attack that occur... | |
| 37 | External entity attack | 2 | External Entity Attack vulnerabilities occur when an application... | |
| 38 | SQLI (union select) | 2 | SQL Injection (SQLi) is a type of injection... | |
| 39 | Open redirect ( harder ) | 2 | Open Redirect vulnerabilities occur when an application redirect... | |
| 40 | SQLI -like | 2 | SQL Injection (SQLi) is a type of injection... | |
| 41 | Insecure direct object reference | 2 | Insecure Direct Object Reference vulnerabilities occur when an a... | |
| 42 | JWT null | 2 | JSON Web Token (JWT) is a compact... | |
| 43 | JWT weak secret | 2 | JSON Web Token (JWT) is a compact... | |
| 44 | Command injection ( harder ) | 2 | Command Injection vulnerabilities occur when user input is embed... | |
| 45 | Authentication bypass ( harder ) | 2 | Authentication Bypass vulnerabilities occur when an application ... | |
| 46 | Client side template injection | 2 | Client-Side Template Injection vulnerabilities occur when an app... | |
| 47 | CSS Injection | 2 | CSS Injection vulnerabilities occur when an application does not... | |
| 48 | Client side restriction bypass ( harder ) | 2 | Client-Side Restriction Bypass vulnerabilities occur when an app... | |
| 49 | Credentials guessing ( easy ) | 2 | Credentials Guessing vulnerabilities occur when an application d... | |
| 50 | Credentials guessing ( harder ) | 2 | Credentials Guessing vulnerabilities occur when an application d... | |
| 51 | Credentials guessing ( hard ) | 2 | Credentials Guessing vulnerabilities occur when an application d... | |
| 52 | Admin Section | 2 | Admin Section is a document that contains information about the ... | |
| 53 | Deprecated Interface | 2 | Deprecated Interface is a document that contains information abo... | |
| 54 | Five-Star Feedback | 2 | Five-Star Feedback is a document that contains information about... | |
| 55 | Login Admin | 2 | Login Admin is a document that contains information about the cu... | |
| 56 | Login MC SafeSearch | 2 | Login MC SafeSearch is a document that contains information abou... | |
| 57 | Password Strength | 2 | Password Strength is a document that contains information about ... | |
| 58 | Reflected XSS | 2 | Reflected Cross-Site Scripting (XSS) vulnerabilities occur when ... | |
| 59 | Security Policy | 2 | Security Policy is a document that contains information about th... | |
| 60 | View Basket | 2 | View Basket is a document that contains information about the cu... | |
| 61 | Weird Crypto | 2 | Weird Crypto is a document that contains information about the c... | |
| 62 | Cross site request forgery | 3 | Cross-Site Request Forgery (CSRF) is a type of attack that occur... | |
| 63 | Cross site request forgery (same site) | 3 | Cross-Site Request Forgery (CSRF) is a type of attack that occur... | |
| 64 | HttpOnly (session hijacking) | 3 | HttpOnly is a flag that can be set on cookies to prevent them fr... | |
| 65 | Open redirect ( hard ) | 3 | Open Redirect vulnerabilities occur when an application redirect... | |
| 66 | CORS exploitation | 3 | Cross-Origin Resource Sharing (CORS) is a mechanism that allows ... | |
| 68 | Server side request forgery | 3 | Server-Side Request Forgery (SSRF) is a type of attack that occu... | |
| 69 | Server side template injection | 3 | Server-Side Template Injection vulnerabilities occur when an app... | |
| 70 | Insecure deserialization (yaml) | 3 | Insecure Deserialization vulnerabilities occur when an applicati... | |
| 71 | Insecure deserialization pickle ( hard ) | 3 | Insecure Deserialization vulnerabilities occur when an applicati... | |
| 72 | Insecure deserialization pickle ( harder ) | 3 | Insecure Deserialization vulnerabilities occur when an applicati... | |
| 73 | Race condition | 3 | lorem ipsum... | |
| 74 | Command injection ( hard ) | 3 | Command Injection vulnerabilities occur when an application does... | |
| 75 | Command injection ( blind ) | 3 | Command Injection vulnerabilities occur when an application does... | |
| 76 | Authentication bypass ( hard ) | 3 | Authentication Bypass vulnerabilities occur when an application ... | |
| 77 | Session puzzling | 3 | Session Puzzling vulnerabilities occur when an application does ... | |
| 78 | Graphql DOS | 3 | GraphQL is a query language for APIs and a runtime for fulfillin... | |
| 79 | GraphQL IDOR | 3 | GraphQL is a query language for APIs and a runtime for fulfillin... | |
| 80 | GraphQL Injections | 3 | GraphQL is a query language for APIs and a runtime for fulfillin... | |
| 81 | GraphQL Introspection | 3 | GraphQL is a query language for APIs and a runtime for fulfillin... | |
| 82 | GraphQL Mutations | 3 | GraphQL is a query language for APIs and a runtime for fulfillin... | |
| 83 | Prototype pollution | 3 | Prototype Pollution vulnerabilities occur when an application do... | |
| 84 | API-only XSS | 3 | API-only XSS vulnerabilities occur when an application does not ... | |
| 85 | Admin Registration | 3 | Admin Registration vulnerabilities occur when an application doe... | |
| 86 | Bjoerns Favorite Pet | 3 | Bjoerns Favorite Pet vulnerabilities occur when an application d... | |
| 87 | CAPTCHA Bypass | 3 | CAPTCHA Bypass vulnerabilities occur when an application does no... | |
| 88 | Client-side XSS Protection | 3 | Client-side XSS Protection vulnerabilities occur when an applica... | |
| 89 | Database Schema | 3 | Database Schema vulnerabilities occur when an application does n... | |
| 90 | Forged Feedback | 3 | Forged Feedback vulnerabilities occur when an application does n... | |
| 91 | Forged Review | 3 | Forged Review vulnerabilities occur when an application does not... | |
| 92 | GDPR Data Erasure | 3 | GDPR Data Erasure vulnerabilities occur when an application does... | |
| 93 | Login Amy | 3 | Login Amy vulnerabilities occur when an application does not pro... | |
| 94 | Login Bender | 3 | Login Bender vulnerabilities occur when an application does not ... | |
| 95 | Login Jim | 3 | Login Jim vulnerabilities occur when an application does not pro... | |
| 96 | Manipulate Basket | 3 | Manipulate Basket vulnerabilities occur when an application does... | |
| 97 | Payback Time | 3 | Payback Time vulnerabilities occur when an application does not ... | |
| 98 | Privacy Policy Inspection | 3 | Privacy Policy Inspection vulnerabilities occur when an applicat... | |
| 99 | Product Tampering | 3 | Product Tampering vulnerabilities occur when an application does... | |
| 100 | Reset Jims Password | 3 | Reset Jims Password vulnerabilities occur when an application do... | |
| 101 | Upload Size | 3 | Upload Size vulnerabilities occur when an application does not p... | |
| 102 | Upload Type | 3 | Upload Type vulnerabilities occur when an application does not p... | |
| 103 | XXE Data Access | 3 | XXE Data Access vulnerabilities occur when an application does n... | |
| 104 | Deluxe Fraud | 3 | Deluxe Fraud vulnerabilities occur when an application does not ... | |
| 105 | CSRF | 3 | CSRF vulnerabilities occur when an application does not properly... | |
| 106 | Juice Shop CTF | 3 | Juice Shop CTF vulnerabilities occur when an application does no... | |
| 107 | SKF Hack OS Python | 3 | SKF Hack OS Python vulnerabilities occur when an application doe... | |
| 108 | SKF Hack OS Java | 3 | SKF Hack OS Java vulnerabilities occur when an application does ... | |
| 109 | Host header auth bypass | 3 | Host header auth bypass vulnerabilities occur when an applicatio... | |
| 110 | HTTP response splitting | 3 | HTTP response splitting vulnerabilities occur when an applicatio... | |
| 111 | Websocket message manipulation | 3 | Websocket message manipulation vulnerabilities occur when an app... | |
| 112 | SQLi login bypass | 3 | SQLi login bypass vulnerabilities occur when an application does... | |
| 113 | Web cache poisoning | 3 | Web cache poisoning vulnerabilities occur when an application do... | |
| 114 | Access Log | 4 | Access Log vulnerabilities occur when an application does not pr... | |
| 115 | Christmas Special | 4 | Christmas Special vulnerabilities occur when an application does... | |
| 116 | CSP Bypass | 4 | CSP Bypass vulnerabilities occur when an application does not pr... | |
| 117 | Easter Egg | 4 | Easter Egg vulnerabilities occur when an application does not pr... | |
| 118 | Ephemeral Accountant | 4 | Ephemeral Accountant vulnerabilities occur when an application d... | |
| 119 | Expired Coupon | 4 | Expired Coupon vulnerabilities occur when an application does no... | |
| 120 | Forgotten Developer Backup | 4 | Forgotten Developer Backup vulnerabilities occur when an applica... | |
| 121 | Forgotten Sales Backup | 4 | Forgotten Sales Backup vulnerabilities occur when an application... | |
| 122 | GDPR Data Theft | 4 | GDPR Data Theft vulnerabilities occur when an application does n... | |
| 123 | HTTP-Header XSS | 4 | HTTP-Header XSS vulnerabilities occur when an application does n... | |
| 124 | Leaked Unsafe Product | 4 | Leaked Unsafe Product vulnerabilities occur when an application ... | |
| 125 | Legacy Typosquatting | 4 | Legacy Typosquatting vulnerabilities occur when an application d... | |
| 126 | Login Bjoern | 4 | Login Bjoern vulnerabilities occur when an application does not ... | |
| 127 | Misplaced Signature File | 4 | Misplaced Signature File vulnerabilities occur when an applicati... | |
| 128 | Nested Easter Egg | 4 | Nested Easter Egg vulnerabilities occur when an application does... | |
| 129 | NoSQL DoS | 4 | NoSQL DoS vulnerabilities occur when an application does not pro... | |
| 130 | NoSQL Manipulation | 4 | NoSQL Manipulation vulnerabilities occur when an application doe... | |
| 131 | Reset Benders Password | 4 | Reset Benders Password vulnerabilities occur when an application... | |
| 132 | Server-side XSS Protection | 4 | Server-side XSS Protection vulnerabilities occur when an applica... | |
| 133 | Steganography | 4 | Steganography vulnerabilities occur when an application does not... | |
| 134 | User Credentials | 4 | User Credentials vulnerabilities occur when an application does ... | |
| 135 | Vulnerable Library | 4 | Vulnerable Library vulnerabilities occur when an application doe... | |
| 136 | Whitelist Bypass | 4 | Whitelist Bypass vulnerabilities occur when an application does ... | |
| 137 | Blockchain Hype | 5 | Blockchain Hype vulnerabilities occur when an application does n... | |
| 138 | Blocked RCE DoS | 5 | Blocked RCE DoS vulnerabilities occur when an application does n... | |
| 139 | Change Benders Password | 5 | Change Benders Password vulnerabilities occur when an applicatio... | |
| 140 | Email Leak | 5 | Email Leak vulnerabilities occur when an application does not pr... | |
| 141 | Extra Language | 5 | Extra Language vulnerabilities occur when an application does no... | |
| 142 | Frontend Typosquatting | 5 | Frontend Typosquatting vulnerabilities occur when an application... | |
| 143 | Leaked Access Logs | 5 | Leaked Access Logs vulnerabilities occur when an application doe... | |
| 144 | Login CISO | 5 | Login CISO vulnerabilities occur when an application does not pr... | |
| 145 | NoSQL Exfiltration | 5 | NoSQL Exfiltration vulnerabilities occur when an application doe... | |
| 146 | Reset Bjoerns Password | 5 | Reset Bjoerns Password vulnerabilities occur when an application... | |
| 147 | Reset Mortys Password | 5 | Reset Mortys Password vulnerabilities occur when an application ... | |
| 148 | Retrieve Blueprint | 5 | Retrieve Blueprint vulnerabilities occur when an application doe... | |
| 149 | Supply Chain Attack | 5 | Supply Chain Attack vulnerabilities occur when an application do... | |
| 150 | Two Factor Authentication | 5 | Two Factor Authentication vulnerabilities occur when an applicat... | |
| 151 | Unsigned JWT | 5 | Unsigned JWT vulnerabilities occur when an application does not ... | |
| 152 | XXE DoS | 5 | XXE DoS vulnerabilities occur when an application does not prope... | |
| 153 | Cross-Site Imaging | 5 | Cross-Site Imaging vulnerabilities occur when an application doe... | |
| 154 | Arbitrary File Write | 5 | Arbitrary File Write vulnerabilities occur when an application d... | |
| 155 | Forged Coupon | 6 | Forged Coupon vulnerabilities occur when an application does not... | |
| 156 | Forged Signed JWT | 6 | Forged Signed JWT vulnerabilities occur when an application does... | |
| 157 | Imaginary Challenge | 6 | Imaginary Challenge vulnerabilities occur when an application do... | |
| 158 | Login Support Team | 6 | Login Support Team vulnerabilities occur when an application doe... | |
| 159 | Multiple Likes | 6 | Multiple Likes vulnerabilities occur when an application does no... | |
| 160 | Premium Paywall | 6 | Premium Paywall vulnerabilities occur when an application does n... | |
| 161 | SSRF | 6 | SSRF vulnerabilities occur when an application does not properly... | |
| 162 | SSTi | 6 | SSTi vulnerabilities occur when an application does not properly... | |
| 163 | Successful RCE DoS | 6 | Successful RCE DoS vulnerabilities occur when an application doe... | |
| 164 | Video XSS | 6 | Video XSS vulnerabilities occur when an application does not pro... | |