| # | Lab Name | Level | Description | Detail |
|---|
| 1 |
Path traversal (LFI) |
1
|
Local File Inclusion (also known as LFI) is the process of inclu... |
|
| 2 |
Cross Site Scripting |
1
|
Cross-Site Scripting (XSS) attacks are a type of injection, in w... |
|
| 3 |
Cross site scripting (attribute) |
1
|
Cross-Site Scripting (XSS) attacks are a type of injection, in w... |
|
| 4 |
Cross site scripting (href) |
1
|
Cross-Site Scripting (XSS) attacks are a type of injection, in w... |
|
| 5 |
Insecure file upload |
1
|
Insecure File Upload vulnerabilities occur when web applications... |
|
| 6 |
Clickjacking |
1
|
Clickjacking is a type of malicious trick that uses multiple tra... |
|
| 7 |
Rate-limiting |
1
|
Rate-limiting is a technique used to limit the number of request... |
|
| 8 |
Open redirect |
1
|
Open Redirect vulnerabilities occur when an application redirect... |
|
| 9 |
Formulla injection |
1
|
Formula Injection vulnerabilities occur when user input is embed... |
|
| 10 |
Mass assingment attack |
1
|
Mass Assignment vulnerabilities occur when an application allows... |
|
| 11 |
Remote file inclusion |
1
|
Remote File Inclusion (also known as RFI) is the process of incl... |
|
| 12 |
Local file inclusion ( harder ) |
1
|
Local File Inclusion (also known as LFI) is the process of inclu... |
|
| 13 |
Local file inclusion ( hard ) |
1
|
Local File Inclusion (also known as LFI) is the process of inclu... |
|
| 14 |
Content security policiy |
1
|
Content Security Policy (CSP) is an added layer of security that... |
|
| 15 |
Regex Ddos |
1
|
Regular Expression Denial of Service (ReDoS) is a Denial of Serv... |
|
| 16 |
Command injection |
1
|
Command Injection vulnerabilities occur when user input is embed... |
|
| 17 |
Command injection ( easy ) |
1
|
Command Injection vulnerabilities occur when user input is embed... |
|
| 18 |
Information disclosure 1 |
1
|
Information Disclosure vulnerabilities occur when an application... |
|
| 19 |
Information disclosure 2 |
1
|
Information Disclosure vulnerabilities occur when an application... |
|
| 20 |
Authentication bypass ( easy ) |
1
|
Authentication Bypass vulnerabilities occur when an application ... |
|
| 21 |
Authentication bypass |
1
|
Authentication Bypass vulnerabilities occur when an application ... |
|
| 22 |
Right to left override attack |
1
|
Right-to-Left Override (RLO) is a Unicode attack that can be use... |
|
| 23 |
Client side restriction bypass |
1
|
Client-Side Restriction Bypass vulnerabilities occur when an app... |
|
| 24 |
Confidential Document |
1
|
Confidential Document is a document that contains sensitive info... |
|
| 25 |
DOM XSS |
1
|
DOM-based Cross-Site Scripting (DOM XSS) attacks are a type of i... |
|
| 26 |
Error Handling |
1
|
Error Handling vulnerabilities occur when an application does no... |
|
| 27 |
Outdated Whitelist |
1
|
Outdated Whitelist vulnerabilities occur when an application doe... |
|
| 28 |
Privacy Policy |
1
|
Privacy Policy is a document that contains information about how... |
|
| 29 |
Repetitive Registration |
1
|
Repetitive Registration vulnerabilities occur when an applicatio... |
|
| 30 |
Score Board |
1
|
Score Board is a document that contains information about the cu... |
|
| 31 |
Zero Stars |
1
|
Zero Stars is a document that contains information about the cur... |
|
| 32 |
Missing Encoding |
1
|
Missing Encoding vulnerabilities occur when an application does ... |
|
| 33 |
Exposed Metrics |
1
|
Exposed Metrics vulnerabilities occur when an application expose... |
|
| 67 |
SQLI-blind |
3
|
SQL Injection (SQLi) is a type of injection... |
|
| 34 |
Bonus Payload |
1
|
Bonus Payload is a document that contains sensitive information ... |
|
| 35 |
XSSI |
2
|
Cross-Site Script Inclusion (XSSI) is a type of injection... |
|
| 36 |
Cross site request forgery weak |
2
|
Cross-Site Request Forgery (CSRF) is a type of attack that occur... |
|
| 37 |
External entity attack |
2
|
External Entity Attack vulnerabilities occur when an application... |
|
| 38 |
SQLI (union select) |
2
|
SQL Injection (SQLi) is a type of injection... |
|
| 39 |
Open redirect ( harder ) |
2
|
Open Redirect vulnerabilities occur when an application redirect... |
|
| 40 |
SQLI -like |
2
|
SQL Injection (SQLi) is a type of injection... |
|
| 41 |
Insecure direct object reference |
2
|
Insecure Direct Object Reference vulnerabilities occur when an a... |
|
| 42 |
JWT null |
2
|
JSON Web Token (JWT) is a compact... |
|
| 43 |
JWT weak secret |
2
|
JSON Web Token (JWT) is a compact... |
|
| 44 |
Command injection ( harder ) |
2
|
Command Injection vulnerabilities occur when user input is embed... |
|
| 45 |
Authentication bypass ( harder ) |
2
|
Authentication Bypass vulnerabilities occur when an application ... |
|
| 46 |
Client side template injection |
2
|
Client-Side Template Injection vulnerabilities occur when an app... |
|
| 47 |
CSS Injection |
2
|
CSS Injection vulnerabilities occur when an application does not... |
|
| 48 |
Client side restriction bypass ( harder ) |
2
|
Client-Side Restriction Bypass vulnerabilities occur when an app... |
|
| 49 |
Credentials guessing ( easy ) |
2
|
Credentials Guessing vulnerabilities occur when an application d... |
|
| 50 |
Credentials guessing ( harder ) |
2
|
Credentials Guessing vulnerabilities occur when an application d... |
|
| 51 |
Credentials guessing ( hard ) |
2
|
Credentials Guessing vulnerabilities occur when an application d... |
|
| 52 |
Admin Section |
2
|
Admin Section is a document that contains information about the ... |
|
| 53 |
Deprecated Interface |
2
|
Deprecated Interface is a document that contains information abo... |
|
| 54 |
Five-Star Feedback |
2
|
Five-Star Feedback is a document that contains information about... |
|
| 55 |
Login Admin |
2
|
Login Admin is a document that contains information about the cu... |
|
| 56 |
Login MC SafeSearch |
2
|
Login MC SafeSearch is a document that contains information abou... |
|
| 57 |
Password Strength |
2
|
Password Strength is a document that contains information about ... |
|
| 58 |
Reflected XSS |
2
|
Reflected Cross-Site Scripting (XSS) vulnerabilities occur when ... |
|
| 59 |
Security Policy |
2
|
Security Policy is a document that contains information about th... |
|
| 60 |
View Basket |
2
|
View Basket is a document that contains information about the cu... |
|
| 61 |
Weird Crypto |
2
|
Weird Crypto is a document that contains information about the c... |
|
| 62 |
Cross site request forgery |
3
|
Cross-Site Request Forgery (CSRF) is a type of attack that occur... |
|
| 63 |
Cross site request forgery (same site) |
3
|
Cross-Site Request Forgery (CSRF) is a type of attack that occur... |
|
| 64 |
HttpOnly (session hijacking) |
3
|
HttpOnly is a flag that can be set on cookies to prevent them fr... |
|
| 65 |
Open redirect ( hard ) |
3
|
Open Redirect vulnerabilities occur when an application redirect... |
|
| 66 |
CORS exploitation |
3
|
Cross-Origin Resource Sharing (CORS) is a mechanism that allows ... |
|
| 68 |
Server side request forgery |
3
|
Server-Side Request Forgery (SSRF) is a type of attack that occu... |
|
| 69 |
Server side template injection |
3
|
Server-Side Template Injection vulnerabilities occur when an app... |
|
| 70 |
Insecure deserialization (yaml) |
3
|
Insecure Deserialization vulnerabilities occur when an applicati... |
|
| 71 |
Insecure deserialization pickle ( hard ) |
3
|
Insecure Deserialization vulnerabilities occur when an applicati... |
|
| 72 |
Insecure deserialization pickle ( harder ) |
3
|
Insecure Deserialization vulnerabilities occur when an applicati... |
|
| 73 |
Race condition |
3
|
lorem ipsum... |
|
| 74 |
Command injection ( hard ) |
3
|
Command Injection vulnerabilities occur when an application does... |
|
| 75 |
Command injection ( blind ) |
3
|
Command Injection vulnerabilities occur when an application does... |
|
| 76 |
Authentication bypass ( hard ) |
3
|
Authentication Bypass vulnerabilities occur when an application ... |
|
| 77 |
Session puzzeling |
3
|
Session Puzzling vulnerabilities occur when an application does ... |
|
| 78 |
Graphql DOS |
3
|
GraphQL is a query language for APIs and a runtime for fulfillin... |
|
| 79 |
GraphQL IDOR |
3
|
GraphQL is a query language for APIs and a runtime for fulfillin... |
|
| 80 |
GraphQL Injections |
3
|
GraphQL is a query language for APIs and a runtime for fulfillin... |
|
| 81 |
GraphQL Introspection |
3
|
GraphQL is a query language for APIs and a runtime for fulfillin... |
|
| 82 |
GraphQL Mutations |
3
|
GraphQL is a query language for APIs and a runtime for fulfillin... |
|
| 83 |
Prototype pollution |
3
|
Prototype Pollution vulnerabilities occur when an application do... |
|
| 84 |
API-only XSS |
3
|
API-only XSS vulnerabilities occur when an application does not ... |
|
| 85 |
Admin Registration |
3
|
Admin Registration vulnerabilities occur when an application doe... |
|
| 86 |
Bjoerns Favorite Pet |
3
|
Bjoerns Favorite Pet vulnerabilities occur when an application d... |
|
| 87 |
CAPTCHA Bypass |
3
|
CAPTCHA Bypass vulnerabilities occur when an application does no... |
|
| 88 |
Client-side XSS Protection |
3
|
Client-side XSS Protection vulnerabilities occur when an applica... |
|
| 89 |
Database Schema |
3
|
Database Schema vulnerabilities occur when an application does n... |
|
| 90 |
Forged Feedback |
3
|
Forged Feedback vulnerabilities occur when an application does n... |
|
| 91 |
Forged Review |
3
|
Forged Review vulnerabilities occur when an application does not... |
|
| 92 |
GDPR Data Erasure |
3
|
GDPR Data Erasure vulnerabilities occur when an application does... |
|
| 93 |
Login Amy |
3
|
Login Amy vulnerabilities occur when an application does not pro... |
|
| 94 |
Login Bender |
3
|
Login Bender vulnerabilities occur when an application does not ... |
|
| 95 |
Login Jim |
3
|
Login Jim vulnerabilities occur when an application does not pro... |
|
| 96 |
Manipulate Basket |
3
|
Manipulate Basket vulnerabilities occur when an application does... |
|
| 97 |
Payback Time |
3
|
Payback Time vulnerabilities occur when an application does not ... |
|
| 98 |
Privacy Policy Inspection |
3
|
Privacy Policy Inspection vulnerabilities occur when an applicat... |
|
| 99 |
Product Tampering |
3
|
Product Tampering vulnerabilities occur when an application does... |
|
| 100 |
Reset Jims Password |
3
|
Reset Jims Password vulnerabilities occur when an application do... |
|
| 101 |
Upload Size |
3
|
Upload Size vulnerabilities occur when an application does not p... |
|
| 102 |
Upload Type |
3
|
Upload Type vulnerabilities occur when an application does not p... |
|
| 103 |
XXE Data Access |
3
|
XXE Data Access vulnerabilities occur when an application does n... |
|
| 104 |
Deluxe Fraud |
3
|
Deluxe Fraud vulnerabilities occur when an application does not ... |
|
| 105 |
CSRF |
3
|
CSRF vulnerabilities occur when an application does not properly... |
|
| 106 |
Juice Shop CTF |
3
|
Juice Shop CTF vulnerabilities occur when an application does no... |
|
| 107 |
SKF Hack OS Python |
3
|
SKF Hack OS Python vulnerabilities occur when an application doe... |
|
| 108 |
SKF Hack OS Java |
3
|
SKF Hack OS Java vulnerabilities occur when an application does ... |
|
| 109 |
Host header auth bypass |
3
|
Host header auth bypass vulnerabilities occur when an applicatio... |
|
| 110 |
HTTP response splitting |
3
|
HTTP response splitting vulnerabilities occur when an applicatio... |
|
| 111 |
Websocket message manipulation |
3
|
Websocket message manipulation vulnerabilities occur when an app... |
|
| 112 |
SQLi login bypass |
3
|
SQLi login bypass vulnerabilities occur when an application does... |
|
| 113 |
Web cache poisoning |
3
|
Web cache poisoning vulnerabilities occur when an application do... |
|
| 114 |
Access Log |
4
|
Access Log vulnerabilities occur when an application does not pr... |
|
| 115 |
Christmas Special |
4
|
Christmas Special vulnerabilities occur when an application does... |
|
| 116 |
CSP Bypass |
4
|
CSP Bypass vulnerabilities occur when an application does not pr... |
|
| 117 |
Easter Egg |
4
|
Easter Egg vulnerabilities occur when an application does not pr... |
|
| 118 |
Ephemeral Accountant |
4
|
Ephemeral Accountant vulnerabilities occur when an application d... |
|
| 119 |
Expired Coupon |
4
|
Expired Coupon vulnerabilities occur when an application does no... |
|
| 120 |
Forgotten Developer Backup |
4
|
Forgotten Developer Backup vulnerabilities occur when an applica... |
|
| 121 |
Forgotten Sales Backup |
4
|
Forgotten Sales Backup vulnerabilities occur when an application... |
|
| 122 |
GDPR Data Theft |
4
|
GDPR Data Theft vulnerabilities occur when an application does n... |
|
| 123 |
HTTP-Header XSS |
4
|
HTTP-Header XSS vulnerabilities occur when an application does n... |
|
| 124 |
Leaked Unsafe Product |
4
|
Leaked Unsafe Product vulnerabilities occur when an application ... |
|
| 125 |
Legacy Typosquatting |
4
|
Legacy Typosquatting vulnerabilities occur when an application d... |
|
| 126 |
Login Bjoern |
4
|
Login Bjoern vulnerabilities occur when an application does not ... |
|
| 127 |
Misplaced Signature File |
4
|
Misplaced Signature File vulnerabilities occur when an applicati... |
|
| 128 |
Nested Easter Egg |
4
|
Nested Easter Egg vulnerabilities occur when an application does... |
|
| 129 |
NoSQL DoS |
4
|
NoSQL DoS vulnerabilities occur when an application does not pro... |
|
| 130 |
NoSQL Manipulation |
4
|
NoSQL Manipulation vulnerabilities occur when an application doe... |
|
| 131 |
Reset Benders Password |
4
|
Reset Benders Password vulnerabilities occur when an application... |
|
| 132 |
Server-side XSS Protection |
4
|
Server-side XSS Protection vulnerabilities occur when an applica... |
|
| 133 |
Steganography |
4
|
Steganography vulnerabilities occur when an application does not... |
|
| 134 |
User Credentials |
4
|
User Credentials vulnerabilities occur when an application does ... |
|
| 135 |
Vulnerable Library |
4
|
Vulnerable Library vulnerabilities occur when an application doe... |
|
| 136 |
Whitelist Bypass |
4
|
Whitelist Bypass vulnerabilities occur when an application does ... |
|
| 137 |
Blockchain Hype |
5
|
Blockchain Hype vulnerabilities occur when an application does n... |
|
| 138 |
Blocked RCE DoS |
5
|
Blocked RCE DoS vulnerabilities occur when an application does n... |
|
| 139 |
Change Benders Password |
5
|
Change Benders Password vulnerabilities occur when an applicatio... |
|
| 140 |
Email Leak |
5
|
Email Leak vulnerabilities occur when an application does not pr... |
|
| 141 |
Extra Language |
5
|
Extra Language vulnerabilities occur when an application does no... |
|
| 142 |
Frontend Typosquatting |
5
|
Frontend Typosquatting vulnerabilities occur when an application... |
|
| 143 |
Leaked Access Logs |
5
|
Leaked Access Logs vulnerabilities occur when an application doe... |
|
| 144 |
Login CISO |
5
|
Login CISO vulnerabilities occur when an application does not pr... |
|
| 145 |
NoSQL Exfiltration |
5
|
NoSQL Exfiltration vulnerabilities occur when an application doe... |
|
| 146 |
Reset Bjoerns Password |
5
|
Reset Bjoerns Password vulnerabilities occur when an application... |
|
| 147 |
Reset Mortys Password |
5
|
Reset Mortys Password vulnerabilities occur when an application ... |
|
| 148 |
Retrieve Blueprint |
5
|
Retrieve Blueprint vulnerabilities occur when an application doe... |
|
| 149 |
Supply Chain Attack |
5
|
Supply Chain Attack vulnerabilities occur when an application do... |
|
| 150 |
Two Factor Authentication |
5
|
Two Factor Authentication vulnerabilities occur when an applicat... |
|
| 151 |
Unsigned JWT |
5
|
Unsigned JWT vulnerabilities occur when an application does not ... |
|
| 152 |
XXE DoS |
5
|
XXE DoS vulnerabilities occur when an application does not prope... |
|
| 153 |
Cross-Site Imaging |
5
|
Cross-Site Imaging vulnerabilities occur when an application doe... |
|
| 154 |
Arbitrary File Write |
5
|
Arbitrary File Write vulnerabilities occur when an application d... |
|
| 155 |
Forged Coupon |
6
|
Forged Coupon vulnerabilities occur when an application does not... |
|
| 156 |
Forged Signed JWT |
6
|
Forged Signed JWT vulnerabilities occur when an application does... |
|
| 157 |
Imaginary Challenge |
6
|
Imaginary Challenge vulnerabilities occur when an application do... |
|
| 158 |
Login Support Team |
6
|
Login Support Team vulnerabilities occur when an application doe... |
|
| 159 |
Multiple Likes |
6
|
Multiple Likes vulnerabilities occur when an application does no... |
|
| 160 |
Premium Paywall |
6
|
Premium Paywall vulnerabilities occur when an application does n... |
|
| 161 |
SSRF |
6
|
SSRF vulnerabilities occur when an application does not properly... |
|
| 162 |
SSTi |
6
|
SSTi vulnerabilities occur when an application does not properly... |
|
| 163 |
Successful RCE DoS |
6
|
Successful RCE DoS vulnerabilities occur when an application doe... |
|
| 164 |
Video XSS |
6
|
Video XSS vulnerabilities occur when an application does not pro... |
|