All Challenges (241)
Iframe Tag Is Allowed But Src And Event Handlers Blocked | Variant 3
Mission: Achieve script execution through allowed iframe tag.
Category: Bypassing Web Application Firewall
Domain: The Web War
Needle In The Haystack| Variant 1
Mission: Achieve script execution through an allowed tag that was missed out to prevent in rule.
Category: Bypassing Web Application Firewall
Domain: The Web War
Needle In The Haystack| Variant 2
Mission: Achieve script execution through an allowed event handler that was missed out to prevent in rule.
Category: Bypassing Web Application Firewall
Domain: The Web War
Identifying Direct Ip Of The Target | Variant 1
Mission: Identify the IP of the target behind the WAF.
Category: Bypassing Web Application Firewall
Domain: The Web War
Identifying Direct Ip Of The Target | Variant 2
Mission: Identify the IP of the bank0findia.com behind Cloudflare
Category: Bypassing Web Application Firewall
Domain: The Web War
Identifying Direct Ip Of The Target | Variant 3
Mission: Identify the IP of the ledevis.fr behind the WAF
Category: Bypassing Web Application Firewall
Domain: The Web War
Identifying Direct Ip Of The Target | Variant 4
Mission: Complete the exercise of IP listing using censys.io
Category: Bypassing Web Application Firewall
Domain: The Web War
Bypass Rate Limit | Variant 1
Mission: Overcome view count limit.
Category: Bypassing Web Application Firewall
Domain: The Web War
Client-side Xss Prevention Bypass | Variant 1
Mission: Achieve JavaScript execution through alert/prompt/confirm.
Category: Bypasses In Cross Site Scripting (xss)
Domain: The Web War
Only Trusted Domain Extension | Variant 1
Mission: Achieve URL Redirection through claimed trusted domain extension.
Category: Bypasses In Input Restriction
Domain: The Web War