All Challenges



  • Iframe Tag Is Allowed But Src And Event Handlers Blocked | Variant 3
    Mission: Achieve script execution through the allowed iframe tag
    Category: Bypassing Web Application Firewall
    Domain: The Web War


  • Needle In The Haystack | Variant 1
    Mission: Achieve script execution through an allowed tag that the rule failed to block
    Category: Bypassing Web Application Firewall
    Domain: The Web War


  • Needle In The Haystack | Variant 2
    Mission: Achieve script execution through an allowed event handler that the rule failed to block
    Category: Bypassing Web Application Firewall
    Domain: The Web War


  • Identifying Direct IP Of The Target | Variant 1
    Mission: Identify the IP of the target behind the WAF
    Category: Bypassing Web Application Firewall
    Domain: The Web War


  • Identifying Direct IP Of The Target | Variant 2
    Mission: Identify the IP of bank0findia.com behind Cloudflare
    Category: Bypassing Web Application Firewall
    Domain: The Web War


  • Identifying Direct IP Of The Target | Variant 3
    Mission: Identify the IP of ledevis.fr behind the WAF
    Category: Bypassing Web Application Firewall
    Domain: The Web War


  • Identifying Direct IP Of The Target | Variant 4
    Mission: Complete the IP listing exercise using censys.io
    Category: Bypassing Web Application Firewall
    Domain: The Web War


  • Bypass Rate Limit | Variant 1
    Mission: Overcome the view count limit
    Category: Bypassing Web Application Firewall
    Domain: The Web War


  • Client-side XSS Prevention Bypass | Variant 1
    Mission: Achieve JavaScript execution through alert/prompt/confirm.
    Category: Bypasses In Cross Site Scripting (XSS)
    Domain: The Web War


  • Only Trusted Domain Extension | Variant 1
    Mission: Achieve URL redirection through a claimed trusted domain extension
    Category: Bypasses In Input Restriction
    Domain: The Web War