User Profile

palant

About

No information has been set by the researcher

Personal website:
https://palant.de/


palant's challenge statistics

18 total submissions

17 accepted

1 rejected




Easy Find the vulnerable parameter and try beat the XSS filter!

I couldn't use the traditional methods of stopping XSS because of the way my application works. Because of this I've had to create a "strict" filter to stop malicious attackers and help...
Category: Cross Site Scripting (XSS)
Completed on 13-11-2018

Medium/hard Steal teh token!

Can you steal the token?
Category: Cross Site Scripting (XSS)
Completed on 13-11-2018

Medium/hard Hack The Admin Panel Challenge

Can you exploit the XSS vulnerability present in a hidden feature to gain access to the admin panel? Note: Admin prefers clicking. He doesn't like moving his mouse here and there.
Category: Cross Site Scripting (XSS)
Completed on 13-11-2018

Medium/hard Can you XSS when redirecting?

You'll have to somehow get XSS. Maybe by stopping something? Maybe by abusing unexpected behaviour of the browser? Maybe by fuzzing? All up to you. Note: Intended solution works in Firefox...
Category: Cross Site Scripting (XSS)
Completed on 13-11-2018

Easy This developer didn't realise people could view the HTML source. What can you find?

Note: This challenge just requires you to have a keen eye. Look carefully! Firstly, this developer hid his admin panel at a random subdomain he didn't think anyone could find. Because of this...
Category: Test your recon
Completed on 13-11-2018

Medium Can you add yourself to the hall of fame?

I created a hall of fame with one condition: you have to add yourself, and only one user can control the hall of fame! Can you become the king and show your name proudly? Find a way to get your name...
Category: Misc / Application Logic
Completed on 05-12-2018

Easy/medium Can you alert()

Challenge is vulnerable to basic XSS; you need alert() to complete the challenge.
Category: Cross Site Scripting (XSS)
Completed on 05-02-2019

Medium/hard XSS and bypass me

Can you execute an alert-box with one user click?
Category: Cross Site Scripting (XSS)
Completed on 29-01-2019

Medium Make HTML dirty again!

Sanitizing HTML is hard! Can you get XSS on this website? The solution does not require any user interaction.
Category: Cross Site Scripting (XSS)
Completed on 28-01-2019

Easy/medium Your scanner just found include.html - but what does the javascript do?

This is a re-created bug I recently found on a public bugbounty program. My scanner was hunting for interesting subdomains & files and I noticed one interesting subdomain which contained nothing...
Category: Cross Site Scripting (XSS)
Completed on 04-02-2019

Medium/hard There's cross site request forgery (CSRF) protection, but how good is it?

Note: Use a keen eye on this challenge to notice what's happening. Our admin panel was hacked because someone discovered a way to force a request to be sent when we visited a malicious website. I...
Category: Cross Site Request Forgery (CSRF)
Completed on 13-11-2018

Easy/medium Give some space to this XSS Filter. ;)

One of our developers, who doesn't RTFM, came up with this XSS filter. He thinks his filter is super duper secure. Can you prove him wrong?
Category: Cross Site Scripting (XSS)
Completed on 02-07-2019

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tells you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...
Category: openurl
Completed on 13-11-2018

Medium Blind testing - debug mode

This one will require a bit of thinking. It's designed to be a complete blackbox so you have no idea what it's looking for but using information on the page and basic understanding of HTTP requests...
Category: Cross Site Scripting (XSS)
Completed on 13-11-2018

Medium/hard This strict URL filter should prevent XSS, right?

This one is pretty simple. One parameter is vulnerable, **?url=**. Can you get XSS to execute?
Category: Cross Site Scripting (XSS)
Completed on 13-11-2018

Medium/hard Can you find the flag via SQL injection?

The form is vulnerable to SQL injection and there's a flag inside the database waiting for you. Using **ONLY** union based injection, can you retrieve it?
Category: SQL Injection (SQLi)
Completed on 13-11-2018

Easy/medium Our redirect blacklist is top-notch, right?

We built a secure redirect system, to redirect from our website to our application. There is not a way to bypass this, right?
Category: Open URL Redirect
Completed on 13-11-2018