All Challenges



Domains:
   

   

  • Xss Nowhere - 2
    Mission: Achieve script execution.
    Category: Xss/htmli: Universal Browser Edition
    Domain: The Web War


  • Xss Under The Radar - 2
    Mission: Achieve script execution when submitting form.
    Category: Xss/htmli: Universal Browser Edition
    Domain: The Web War


  • Blacklisted Domain Bypass | Variant 1
    Mission: Submit equivalence of yehg.net characters bypass filter.
    Category: Bypasses In Input Restriction
    Domain: The Web War


  • Only Trusted External Url | Variant 1
    Mission: Submit a product URL whose domain is other than "yehg.net". In this challenge, you are...
    Category: Bypassing Open Redirect Protection
    Domain: The Web War


  • Your Profile Information | Variant 2
    Mission: Find out how your profile data can be stolen from a malicious third-party web site.
    Category: Data Is Golden
    Domain: The Web War


  • Dig Online
    Mission: Discover a vulnerability that can be attacked from a remote malicious host. Hint: Not SSRF. Not DOS.
    Category: Think Beyond
    Domain: The Web War


  • Tweets Display
    Mission: Discover a vulnerability that can be attacked from a remote host.
    Category: Think Beyond
    Domain: The Web War


  • Submit Url
    Mission: Discover a vulnerability that can be attacked from a remote malicious host.
    Category: Think Beyond
    Domain: The Web War


  • Anti-csrf Bypass | Variant 1
    Mission: Craft a CSRF exploit html page with modified payee account reference number 133-71337-1...
    Category: Bypassing Anti-csrf Protection
    Domain: The Web War


  • Anti-csrf Bypass | Variant 2
    Mission: Craft a CSRF exploit html page with modified payee account reference number 133-71337-1...
    Category: Bypassing Anti-csrf Protection
    Domain: The Web War