User Profile

noob

About

No information has been set by the researcher

Personal website:
noob.ninja

Recognised by

None listed.

noob's challenge statistics

10 total submissions

10 accepted

0 rejected




Easy Find the vulnerable parameter and try beat the XSS filter!

I couldn't use the traditional methods of stopping XSS because of the way my application works. Because of this I've had to create a "strict" filter to stop malicious attackers and help...
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Medium/hard Steal teh token!

Can you steal the token?
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Medium/hard An unusual XSS

This challenge was inspired (and reproduced exactly) by a real-life XSS I've recently exploited in a private bug bounty program. It requires some out of the box thinking, it's not an easy challenge....
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Medium/hard Can you XSS when redirecting?

You'll have to somehow get XSS. Maybe by stopping something? Maybe by abusing unexpected behaviour of the browser? Maybe by fuzzing? All up to you. Note: Intended solution works in Firefox...
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Easy This developer didn't realise people could view the HTML source. What can you find?

Note: This challenge just requires you to have a keen eye. Look carefully! Firstly, this developer hid his admin panel at a random subdomain he didn't think anyone could find. Because of this...
Category: Test your recon
Completed on 09-11-2018

Easy/medium Can you alert()

The challenge is vulnerable to basic XSS; you need alert() to complete the challenge.
Category: Cross Site Scripting (XSS)
Completed on 05-02-2019

Medium/hard Can you bypass the check and fetch local files?

Our lazy developer is only filtering user input based on the parsers; he thinks nobody could bypass this to access another resource. Prove him wrong and fetch local files as proof!
Category: ssrf
Completed on 24-07-2019

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tells you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...
Category: openurl
Completed on 09-11-2018

Medium/hard This strict URL filter should prevent XSS, right?

This one is pretty simple. One parameter is vulnerable, **?url=**. Can you get XSS to execute?
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018