All Challenges (241)
Preloadjs| Variant 1 (video Injection)
Mission: Load an arbitrary video hosted in your controlled server.
Category: Parsers Playground
Domain: The Web War
Html Injection | Only A Tag Is Allowed
Mission: Construct an attack only with the allowed HTML tag.
Category: Exploitation Lab
Domain: The Web War
Html Injection | Only Style Tag Is Allowed
Mission: Construct an attack only with the allowed HTML tag.
Category: Exploitation Lab
Domain: The Web War
Referrer Bypass | Variant 1
Mission: Craft an HTML page that redirects to the target page bypassing implemented referrer control.
Category: Bypassing Referrer-check Protection
Domain: The Web War
Referrer Bypass | Variant 2
Mission: Craft an HTML page that redirects to the target page bypassing implemented referrer control.
Category: Bypassing Referrer-check Protection
Domain: The Web War
Referrer Bypass | Variant 3
Mission: Craft an HTML page that redirects to the target page bypassing implemented referrer control.
Category: Bypassing Referrer-check Protection
Domain: The Web War
Referrer Bypass | Variant 4
Mission: Craft an HTML page that redirects to the target page bypassing implemented referrer control.
Category: Bypassing Referrer-check Protection
Domain: The Web War
From Client-side Cookie Poisoning To Persistent Force-logout
Mission: Craft a link that causes log-out of the challenge site.
Category: Exploitation Lab
Domain: The Web War
From Client-side Cookie Poisoning To Persistent Denial-of-service
Mission: Craft a link that triggers the target page unable to render.
Category: Exploitation Lab
Domain: The Web War
Reconstruct .git
Mission: Discover secret key from rebuilt source code
Category: Osint/recon
Domain: The Web War