📄️ API - Broken Access
- Description: Your friend has set up a platform where you can register and post a private note.
📄️ Backup file
- Description: No clue.
📄️ HTML - Source code
- Description: Don't search too far
📄️ HTTP - Cookies
- Description: Bob really loves cookies!
📄️ HTTP - Directory indexing
- Description: CTRL+U...
📄️ HTTP - Headers
- Description: Get administrator access to the webpage.
📄️ HTTP - Improper redirect
- Description: Get access to index.
📄️ HTTP - IP restriction bypass
- Description: Dear colleagues,
📄️ HTTP - Open redirect
- Description: Find a way to make a redirection to a domain other than those shown on the web page.
📄️ HTTP - POST
- Description: Find a way to beat the top score!
📄️ HTTP - User-agent
- Description: Admin is really dumb...
📄️ HTTP - Verb tampering
- Description: Bypass the security establishment.
📄️ Insecure Code Management
- Description: Get the password (in clear text) from the admin account.
📄️ Install files
- Description: You know phpBB?
📄️ JWT - Introduction
- Description: To validate the challenge, connect as admin.
📄️ JWT - Weak secrets
- Description: This API with its /hello endpoint (accessible with GET) seems rather welcoming at first glance but is actually trying to play a trick on you.
📄️ PHP - Command injection
- Description: Find a vulnerability in this service and exploit it.
📄️ Weak password
- Description: Nothing too difficult