Challenge Information Created By

Medium/hard Can you bypass the filter and read the admins password?

This challenge is recreated around a real bug I found on a bug bounty program. The challenge url will take a parameter named ?url= and will iframe the results. There is...

zseano Category: Server Side Request Forgery
41 accepted submissions
Solution shared in 7 days

Easy You can only redirect to local endpoints (/example) - try bypass the filter

When testing for open redirects you are sometimes faced with a filter preventing you from redirecting to anything other than local endpoints, for example/test. Can you bypass the...

zseano Category: Open URL Redirect
128 accepted submissions
Solution shared in 7 days

Easy/medium FastFoodHackings - Is our new profile updater secure?

Note For this challenge you will need an account on https://www.bugbountytraining.com/FFH/


Thanks again for...

zseano Category: Insecure Direct Object Reference
42 accepted submissions
Solution has been shared. »

Hard Can you trick this browser extension into revealing its data?

This tiny browser extension is the keeper of a well-hidden secret. We would like to access it from our website, but the extension will only give it to mycompany.invalid which we don't own. Can you...

palant Category: Misc / Application Logic
4 accepted submissions
Solution has been shared. »

Easy/medium Your scanner just found include.html - but what does the javascript do?

This is a re-created bug I recently found on a public bugbounty program. My scanner was hunting for interesting subdomains&files and I noticed one interesting subdomain which contained nothing...

zseano Category: Cross Site Scripting (XSS)
66 accepted submissions
Solution has been shared. »

Medium Make HTML dirty again!

Sanitizing HTML is hard! Can you get XSS on this website?

The solution does not require any user interaction.

sheddow Category: Cross Site Scripting (XSS)
7 accepted submissions
Solution has been shared. »

Medium/hard XSS and bypass me

Can you execute an alert-box with one user click.

slawbra Category: Cross Site Scripting (XSS)
8 accepted submissions
Solution has been shared. »

Medium Can you add yourself to the hall of fame?

I created a hall of fame with one condition: you have to add yourself, and only one user can control the hall of fame! Can you become the king and show your name proudly? Find a way to get your...

zseano Category: Misc / Application Logic
16 accepted submissions
Solution has been shared. »

Medium Can you get the flag from this browser extension?

This is a convenient extension, storing the logins you use on various webpages and offering them to you on next visit so that you don't have to retype. It also doubles as a flag storage, websites...

palant Category: Cross Site Scripting (XSS)
3 accepted submissions
Solution has been shared. »

Hard Try out my Screenshotter.PRO browser extension!

Did you know that a browser extension to capture websites can be written with little to no knowledge? I've done it and it works great!

By the way, maybe you could help me with a serious...

palant Category: Misc / Application Logic
2 accepted submissions
Solution has been shared. »

Medium/hard Steal teh token!

Can you steal the token?

structhack Category: Cross Site Scripting (XSS)
15 accepted submissions
Solution has been shared. »

Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...

palant Category: Cross Site Scripting (XSS)
54 accepted submissions
Solution has been shared. »

Easy/medium Our redirect blacklist is top-notch, right?

We built a secure redirect system, to redirect from our website to our application. There is not a way to bypass this, right?

ebelties Category: Open URL Redirect
16 accepted submissions
Solution has been shared. »

Medium Exploiting a static page

This is a static page, no server side involved. So looking for XSS vulnerabilities should be pointless, right?

palant Category: Cross Site Scripting (XSS)
7 accepted submissions
Solution has been shared. »

Medium/hard Can you find the flag via SQL injection?

The form is vulnerable to SQL injection and there's a flag inside the database waiting for you. Using ONLY union based injection, can you retrieve it?

noob Category: SQL Injection (SQLi)
11 accepted submissions
Solution has been shared. »

Medium/hard This strict URL filter should prevent XSS, right?

This one is pretty simple. One parameter is vulnerable, ?url=. Can you get XSS to execute?

filedescriptor Category: Cross Site Scripting (XSS)
11 accepted submissions
Solution has been shared. »

Medium Blind testing - debug mode

This one will require a bit of thinking. It's designed to be a complete blackbox so you have no idea what it's looking for but using information on the page and basic understanding of HTTP...

zseano Category: Cross Site Scripting (XSS)
43 accepted submissions
Solution has been shared. »

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tell you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...

zseano Category: openurl
106 accepted submissions
Solution has been shared. »

Medium/hard There's cross site request forgery (CSRF) protection, but how good is it?

Note: Use a keen eye on this challenge to notice what's happening

Our admin panel was hacked because someone discovered a way to force a request to be sent when we visited a malicious...

zseano Category: Cross Site Request Forgery (CSRF)
19 accepted submissions
Solution has been shared. »

Easy This developer didn't realise people could view the HTML source. What can you find?

Note: This challenge just requires you to have a keen eye. Look carefully!

Firstly, this developer hid his admin panel at a random subdomain he didn't think anyone could find. Because of...

zseano Category: Test your recon
243 accepted submissions
Solution has been shared. »

Easy Find the vulnerable parameter and try beat the XSS filter!

I couldn't use the traditional methods of stopping XSS because of the way my application works. Because of this i've had to create a "strict" filter to stop malicious attackers and help...

zseano Category: Cross Site Scripting (XSS)
305 accepted submissions
Solution has been shared. »