LABS

# | Lab Name | Level | Description | Detail
1 Path traversal (LFI)
1
Local File Inclusion (also known as LFI) is the process of inclu...
2 Cross Site Scripting
1
Cross-Site Scripting (XSS) attacks are a type of injection, in w...
3 Cross site scripting (attribute)
1
Cross-Site Scripting (XSS) attacks are a type of injection, in w...
4 Cross site scripting (href)
1
Cross-Site Scripting (XSS) attacks are a type of injection, in w...
5 Insecure file upload
1
Insecure File Upload vulnerabilities occur when web applications...
6 Clickjacking
1
Clickjacking is a type of malicious trick that uses multiple tra...
7 Rate-limiting
1
Rate-limiting is a technique used to limit the number of request...
8 Open redirect
1
Open Redirect vulnerabilities occur when an application redirect...
9 Formula injection
1
Formula Injection vulnerabilities occur when user input is embed...
10 Mass assignment attack
1
Mass Assignment vulnerabilities occur when an application allows...
11 Remote file inclusion
1
Remote File Inclusion (also known as RFI) is the process of incl...
12 Local file inclusion ( harder )
1
Local File Inclusion (also known as LFI) is the process of inclu...
13 Local file inclusion ( hard )
1
Local File Inclusion (also known as LFI) is the process of inclu...
14 Content security policy
1
Content Security Policy (CSP) is an added layer of security that...
15 Regex Ddos
1
Regular Expression Denial of Service (ReDoS) is a Denial of Serv...
16 Command injection
1
Command Injection vulnerabilities occur when user input is embed...
17 Command injection ( easy )
1
Command Injection vulnerabilities occur when user input is embed...
18 Information disclosure 1
1
Information Disclosure vulnerabilities occur when an application...
19 Information disclosure 2
1
Information Disclosure vulnerabilities occur when an application...
20 Authentication bypass ( easy )
1
Authentication Bypass vulnerabilities occur when an application ...
21 Authentication bypass
1
Authentication Bypass vulnerabilities occur when an application ...
22 Right to left override attack
1
Right-to-Left Override (RLO) is a Unicode attack that can be use...
23 Client side restriction bypass
1
Client-Side Restriction Bypass vulnerabilities occur when an app...
24 Confidential Document
1
Confidential Document is a document that contains sensitive info...
25 DOM XSS
1
DOM-based Cross-Site Scripting (DOM XSS) attacks are a type of i...
26 Error Handling
1
Error Handling vulnerabilities occur when an application does no...
27 Outdated Whitelist
1
Outdated Whitelist vulnerabilities occur when an application doe...
28 Privacy Policy
1
Privacy Policy is a document that contains information about how...
29 Repetitive Registration
1
Repetitive Registration vulnerabilities occur when an applicatio...
30 Score Board
1
Score Board is a document that contains information about the cu...
31 Zero Stars
1
Zero Stars is a document that contains information about the cur...
32 Missing Encoding
1
Missing Encoding vulnerabilities occur when an application does ...
33 Exposed Metrics
1
Exposed Metrics vulnerabilities occur when an application expose...
67 SQLI-blind
3
SQL Injection (SQLi) is a type of injection...
34 Bonus Payload
1
Bonus Payload is a document that contains sensitive information ...
35 XSSI
2
Cross-Site Script Inclusion (XSSI) is a type of injection...
36 Cross site request forgery weak
2
Cross-Site Request Forgery (CSRF) is a type of attack that occur...
37 External entity attack
2
External Entity Attack vulnerabilities occur when an application...
38 SQLI (union select)
2
SQL Injection (SQLi) is a type of injection...
39 Open redirect ( harder )
2
Open Redirect vulnerabilities occur when an application redirect...
40 SQLI -like
2
SQL Injection (SQLi) is a type of injection...
41 Insecure direct object reference
2
Insecure Direct Object Reference vulnerabilities occur when an a...
42 JWT null
2
JSON Web Token (JWT) is a compact...
43 JWT weak secret
2
JSON Web Token (JWT) is a compact...
44 Command injection ( harder )
2
Command Injection vulnerabilities occur when user input is embed...
45 Authentication bypass ( harder )
2
Authentication Bypass vulnerabilities occur when an application ...
46 Client side template injection
2
Client-Side Template Injection vulnerabilities occur when an app...
47 CSS Injection
2
CSS Injection vulnerabilities occur when an application does not...
48 Client side restriction bypass ( harder )
2
Client-Side Restriction Bypass vulnerabilities occur when an app...
49 Credentials guessing ( easy )
2
Credentials Guessing vulnerabilities occur when an application d...
50 Credentials guessing ( harder )
2
Credentials Guessing vulnerabilities occur when an application d...
51 Credentials guessing ( hard )
2
Credentials Guessing vulnerabilities occur when an application d...
52 Admin Section
2
Admin Section is a document that contains information about the ...
53 Deprecated Interface
2
Deprecated Interface is a document that contains information abo...
54 Five-Star Feedback
2
Five-Star Feedback is a document that contains information about...
55 Login Admin
2
Login Admin is a document that contains information about the cu...
56 Login MC SafeSearch
2
Login MC SafeSearch is a document that contains information abou...
57 Password Strength
2
Password Strength is a document that contains information about ...
58 Reflected XSS
2
Reflected Cross-Site Scripting (XSS) vulnerabilities occur when ...
59 Security Policy
2
Security Policy is a document that contains information about th...
60 View Basket
2
View Basket is a document that contains information about the cu...
61 Weird Crypto
2
Weird Crypto is a document that contains information about the c...
62 Cross site request forgery
3
Cross-Site Request Forgery (CSRF) is a type of attack that occur...
63 Cross site request forgery (same site)
3
Cross-Site Request Forgery (CSRF) is a type of attack that occur...
64 HttpOnly (session hijacking)
3
HttpOnly is a flag that can be set on cookies to prevent them fr...
65 Open redirect ( hard )
3
Open Redirect vulnerabilities occur when an application redirect...
66 CORS exploitation
3
Cross-Origin Resource Sharing (CORS) is a mechanism that allows ...
68 Server side request forgery
3
Server-Side Request Forgery (SSRF) is a type of attack that occu...
69 Server side template injection
3
Server-Side Template Injection vulnerabilities occur when an app...
70 Insecure deserialization (yaml)
3
Insecure Deserialization vulnerabilities occur when an applicati...
71 Insecure deserialization pickle ( hard )
3
Insecure Deserialization vulnerabilities occur when an applicati...
72 Insecure deserialization pickle ( harder )
3
Insecure Deserialization vulnerabilities occur when an applicati...
73 Race condition
3
lorem ipsum...
74 Command injection ( hard )
3
Command Injection vulnerabilities occur when an application does...
75 Command injection ( blind )
3
Command Injection vulnerabilities occur when an application does...
76 Authentication bypass ( hard )
3
Authentication Bypass vulnerabilities occur when an application ...
77 Session puzzling
3
Session Puzzling vulnerabilities occur when an application does ...
78 Graphql DOS
3
GraphQL is a query language for APIs and a runtime for fulfillin...
79 GraphQL IDOR
3
GraphQL is a query language for APIs and a runtime for fulfillin...
80 GraphQL Injections
3
GraphQL is a query language for APIs and a runtime for fulfillin...
81 GraphQL Introspection
3
GraphQL is a query language for APIs and a runtime for fulfillin...
82 GraphQL Mutations
3
GraphQL is a query language for APIs and a runtime for fulfillin...
83 Prototype pollution
3
Prototype Pollution vulnerabilities occur when an application do...
84 API-only XSS
3
API-only XSS vulnerabilities occur when an application does not ...
85 Admin Registration
3
Admin Registration vulnerabilities occur when an application doe...
86 Bjoerns Favorite Pet
3
Bjoerns Favorite Pet vulnerabilities occur when an application d...
87 CAPTCHA Bypass
3
CAPTCHA Bypass vulnerabilities occur when an application does no...
88 Client-side XSS Protection
3
Client-side XSS Protection vulnerabilities occur when an applica...
89 Database Schema
3
Database Schema vulnerabilities occur when an application does n...
90 Forged Feedback
3
Forged Feedback vulnerabilities occur when an application does n...
91 Forged Review
3
Forged Review vulnerabilities occur when an application does not...
92 GDPR Data Erasure
3
GDPR Data Erasure vulnerabilities occur when an application does...
93 Login Amy
3
Login Amy vulnerabilities occur when an application does not pro...
94 Login Bender
3
Login Bender vulnerabilities occur when an application does not ...
95 Login Jim
3
Login Jim vulnerabilities occur when an application does not pro...
96 Manipulate Basket
3
Manipulate Basket vulnerabilities occur when an application does...
97 Payback Time
3
Payback Time vulnerabilities occur when an application does not ...
98 Privacy Policy Inspection
3
Privacy Policy Inspection vulnerabilities occur when an applicat...
99 Product Tampering
3
Product Tampering vulnerabilities occur when an application does...
100 Reset Jims Password
3
Reset Jims Password vulnerabilities occur when an application do...
101 Upload Size
3
Upload Size vulnerabilities occur when an application does not p...
102 Upload Type
3
Upload Type vulnerabilities occur when an application does not p...
103 XXE Data Access
3
XXE Data Access vulnerabilities occur when an application does n...
104 Deluxe Fraud
3
Deluxe Fraud vulnerabilities occur when an application does not ...
105 CSRF
3
CSRF vulnerabilities occur when an application does not properly...
106 Juice Shop CTF
3
Juice Shop CTF vulnerabilities occur when an application does no...
107 SKF Hack OS Python
3
SKF Hack OS Python vulnerabilities occur when an application doe...
108 SKF Hack OS Java
3
SKF Hack OS Java vulnerabilities occur when an application does ...
109 Host header auth bypass
3
Host header auth bypass vulnerabilities occur when an applicatio...
110 HTTP response splitting
3
HTTP response splitting vulnerabilities occur when an applicatio...
111 Websocket message manipulation
3
Websocket message manipulation vulnerabilities occur when an app...
112 SQLi login bypass
3
SQLi login bypass vulnerabilities occur when an application does...
113 Web cache poisoning
3
Web cache poisoning vulnerabilities occur when an application do...
114 Access Log
4
Access Log vulnerabilities occur when an application does not pr...
115 Christmas Special
4
Christmas Special vulnerabilities occur when an application does...
116 CSP Bypass
4
CSP Bypass vulnerabilities occur when an application does not pr...
117 Easter Egg
4
Easter Egg vulnerabilities occur when an application does not pr...
118 Ephemeral Accountant
4
Ephemeral Accountant vulnerabilities occur when an application d...
119 Expired Coupon
4
Expired Coupon vulnerabilities occur when an application does no...
120 Forgotten Developer Backup
4
Forgotten Developer Backup vulnerabilities occur when an applica...
121 Forgotten Sales Backup
4
Forgotten Sales Backup vulnerabilities occur when an application...
122 GDPR Data Theft
4
GDPR Data Theft vulnerabilities occur when an application does n...
123 HTTP-Header XSS
4
HTTP-Header XSS vulnerabilities occur when an application does n...
124 Leaked Unsafe Product
4
Leaked Unsafe Product vulnerabilities occur when an application ...
125 Legacy Typosquatting
4
Legacy Typosquatting vulnerabilities occur when an application d...
126 Login Bjoern
4
Login Bjoern vulnerabilities occur when an application does not ...
127 Misplaced Signature File
4
Misplaced Signature File vulnerabilities occur when an applicati...
128 Nested Easter Egg
4
Nested Easter Egg vulnerabilities occur when an application does...
129 NoSQL DoS
4
NoSQL DoS vulnerabilities occur when an application does not pro...
130 NoSQL Manipulation
4
NoSQL Manipulation vulnerabilities occur when an application doe...
131 Reset Benders Password
4
Reset Benders Password vulnerabilities occur when an application...
132 Server-side XSS Protection
4
Server-side XSS Protection vulnerabilities occur when an applica...
133 Steganography
4
Steganography vulnerabilities occur when an application does not...
134 User Credentials
4
User Credentials vulnerabilities occur when an application does ...
135 Vulnerable Library
4
Vulnerable Library vulnerabilities occur when an application doe...
136 Whitelist Bypass
4
Whitelist Bypass vulnerabilities occur when an application does ...
137 Blockchain Hype
5
Blockchain Hype vulnerabilities occur when an application does n...
138 Blocked RCE DoS
5
Blocked RCE DoS vulnerabilities occur when an application does n...
139 Change Benders Password
5
Change Benders Password vulnerabilities occur when an applicatio...
140 Email Leak
5
Email Leak vulnerabilities occur when an application does not pr...
141 Extra Language
5
Extra Language vulnerabilities occur when an application does no...
142 Frontend Typosquatting
5
Frontend Typosquatting vulnerabilities occur when an application...
143 Leaked Access Logs
5
Leaked Access Logs vulnerabilities occur when an application doe...
144 Login CISO
5
Login CISO vulnerabilities occur when an application does not pr...
145 NoSQL Exfiltration
5
NoSQL Exfiltration vulnerabilities occur when an application doe...
146 Reset Bjoerns Password
5
Reset Bjoerns Password vulnerabilities occur when an application...
147 Reset Mortys Password
5
Reset Mortys Password vulnerabilities occur when an application ...
148 Retrieve Blueprint
5
Retrieve Blueprint vulnerabilities occur when an application doe...
149 Supply Chain Attack
5
Supply Chain Attack vulnerabilities occur when an application do...
150 Two Factor Authentication
5
Two Factor Authentication vulnerabilities occur when an applicat...
151 Unsigned JWT
5
Unsigned JWT vulnerabilities occur when an application does not ...
152 XXE DoS
5
XXE DoS vulnerabilities occur when an application does not prope...
153 Cross-Site Imaging
5
Cross-Site Imaging vulnerabilities occur when an application doe...
154 Arbitrary File Write
5
Arbitrary File Write vulnerabilities occur when an application d...
155 Forged Coupon
6
Forged Coupon vulnerabilities occur when an application does not...
156 Forged Signed JWT
6
Forged Signed JWT vulnerabilities occur when an application does...
157 Imaginary Challenge
6
Imaginary Challenge vulnerabilities occur when an application do...
158 Login Support Team
6
Login Support Team vulnerabilities occur when an application doe...
159 Multiple Likes
6
Multiple Likes vulnerabilities occur when an application does no...
160 Premium Paywall
6
Premium Paywall vulnerabilities occur when an application does n...
161 SSRF
6
SSRF vulnerabilities occur when an application does not properly...
162 SSTi
6
SSTi vulnerabilities occur when an application does not properly...
163 Successful RCE DoS
6
Successful RCE DoS vulnerabilities occur when an application doe...
164 Video XSS
6
Video XSS vulnerabilities occur when an application does not pro...