All Challenges (241)
Xss Nowhere - 2
Mission: Achieve script execution.
Category: Xss/htmli: Universal Browser Edition
Domain: The Web War
Xss Under The Radar - 2
Mission: Achieve script execution when submitting form.
Category: Xss/htmli: Universal Browser Edition
Domain: The Web War
Blacklisted Domain Bypass | Variant 1
Mission: Submit equivalence of yehg.net characters bypass filter.
Category: Bypasses In Input Restriction
Domain: The Web War
Only Trusted External Url | Variant 1
Mission: Submit a product URL whose domain is other than "yehg.net". In this challenge, you are...
Category: Bypassing Open Redirect Protection
Domain: The Web War
Your Profile Information | Variant 2
Mission: Find out how your profile data can be stolen from a malicious third-party web site.
Category: Data Is Golden
Domain: The Web War
Dig Online
Mission: Discover a vulnerability that can be attacked from a remote malicious host. Hint: Not SSRF. Not DOS.
Category: Think Beyond
Domain: The Web War
Tweets Display
Mission: Discover a vulnerability that can be attacked from a remote host.
Category: Think Beyond
Domain: The Web War
Submit Url
Mission: Discover a vulnerability that can be attacked from a remote malicious host.
Category: Think Beyond
Domain: The Web War
Anti-csrf Bypass | Variant 1
Mission: Craft a CSRF exploit html page with modified payee account reference number 133-71337-1...
Category: Bypassing Anti-csrf Protection
Domain: The Web War
Anti-csrf Bypass | Variant 2
Mission: Craft a CSRF exploit html page with modified payee account reference number 133-71337-1...
Category: Bypassing Anti-csrf Protection
Domain: The Web War