# | Flag | Box |
---|---|---|
1 | Score Board | Miscellaneous |
2 | DOM XSS | XSS |
3 | Bonus Payload | XSS |
4 | Privacy Policy | Miscellaneous |
5 | Repetitive Registration | Improper Input Validation |
6 | Empty User Registration | Improper Input Validation |
7 | Password Strength | Broken Authentication |
8 | Login Admin | Injection |
9 | Admin Section | Broken Access Control |
10 | Five-Star Feedback | Broken Access Control |
11 | Login Jim | Injection |
12 | Login Bender | Injection |
13 | Mass Dispel | Miscellaneous |
14 | Deluxe Fraud | Improper Input Validation |
15 | Database Schema | Injection |
16 | User Credentials | Injection |
17 | Confidential Document | Sensitive Data Exposure |
18 | Forgotten Sales Backup | Sensitive Data Exposure |
19 | Forgotten Developer Backup | Sensitive Data Exposure |
20 | Poison Null Byte | Improper Input Validation |
21 | Misplaced Signature File | Sensitive Data Exposure |
22 | Easter Egg | Broken Access Control |
23 | Nested Easter Egg | Cryptographic Issues |
24 | Forged Coupon | Cryptographic Issues |
25 | Login Support Team | Security Misconfiguration |
# | Flag | Box |
---|---|---|
1 | Score Board | Miscellaneous |
2 | DOM XSS | XSS |
3 | Error Handling | Security Misconfiguration |
4 | Bonus Payload | XSS |
5 | Privacy Policy | Miscellaneous |
6 | Password Strength | Broken Authentication |
7 | Login Admin | Injection |
8 | Forged Feedback | Broken Access Control |
9 | Forged Review | Broken Access Control |
10 | View Basket | Broken Access Control |
11 | Exposed Metrics | Sensitive Data Exposure |
12 | Confidential Document | Sensitive Data Exposure |
13 | Login Jim | Injection |
14 | Login Bender | Injection |
15 | Visual Geo Stalking | Sensitive Data Exposure |
16 | CAPTCHA Bypass | Broken Anti Automation |
17 | Meta Geo Stalking | Sensitive Data Exposure |
18 | Christmas Special | Injection |
19 | Zero Stars | Improper Input Validation |
20 | Repetitive Registration | Improper Input Validation |
21 | Forgotten Sales Backup | Sensitive Data Exposure |
22 | Poison Null Byte | Improper Input Validation |
23 | Admin Section | Broken Access Control |
# | Flag | Box |
---|---|---|
1 | Error Handling | Security Misconfiguration |
2 | Score Board | Miscellaneous |
3 | DOM XSS | XSS |
4 | Login Admin | Injection |
5 | Login Bender | Injection |
6 | Login Jim | Injection |
7 | Privacy Policy | Miscellaneous |
8 | Bonus Payload | XSS |
9 | Exposed Metrics | Sensitive Data Exposure |
10 | Zero Stars | Improper Input Validation |
11 | Visual Geo Stalking | Sensitive Data Exposure |
12 | Password Strength | Broken Authentication |
13 | Confidential Document | Sensitive Data Exposure |
14 | Reset Bender's Password | Broken Authentication |
15 | Admin Registration | Improper Input Validation |
16 | Admin Section | Broken Access Control |
17 | Five-Star Feedback | Broken Access Control |
18 | Repetitive Registration | Improper Input Validation |
19 | Meta Geo Stalking | Sensitive Data Exposure |
20 | Forged Feedback | Broken Access Control |
21 | View Basket | Broken Access Control |
22 | Empty User Registration | Improper Input Validation |
23 | Outdated Allowlist | Unvalidated Redirects |
# | Flag | Box |
---|---|---|
1 | Login Admin | Injection |
2 | Error Handling | Security Misconfiguration |
3 | Score Board | Miscellaneous |
4 | Bonus Payload | XSS |
5 | DOM XSS | XSS |
6 | Password Strength | Broken Authentication |
7 | Privacy Policy | Miscellaneous |
8 | Bully Chatbot | Miscellaneous |
9 | Weird Crypto | Cryptographic Issues |
10 | Exposed Metrics | Sensitive Data Exposure |
11 | Security Policy | Miscellaneous |
12 | User Credentials | Injection |
13 | Login Jim | Injection |
14 | Login Bender | Injection |
15 | Database Schema | Injection |
16 | Ephemeral Accountant | Injection |
17 | Confidential Document | Sensitive Data Exposure |
18 | Nested Easter Egg | Cryptographic Issues |
# | Flag | Box |
---|---|---|
1 | Score Board | Miscellaneous |
2 | Repetitive Registration | Improper Input Validation |
3 | Error Handling | Security Misconfiguration |
4 | Login Bender | Injection |
5 | Zero Stars | Improper Input Validation |
6 | Empty User Registration | Improper Input Validation |
7 | Privacy Policy | Miscellaneous |
8 | Bully Chatbot | Miscellaneous |
9 | Login Admin | Injection |
10 | Exposed Metrics | Sensitive Data Exposure |
11 | Reset Jim's Password | Broken Authentication |
12 | Login Amy | Sensitive Data Exposure |
13 | Password Strength | Broken Authentication |
14 | Admin Section | Broken Access Control |
15 | Confidential Document | Sensitive Data Exposure |
# | Flag | Box |
---|---|---|
1 | Score Board | Miscellaneous |
2 | DOM XSS | XSS |
3 | Bonus Payload | XSS |
4 | Privacy Policy | Miscellaneous |
5 | Login Admin | Injection |
6 | Password Strength | Broken Authentication |
7 | View Basket | Broken Access Control |
8 | Login Jim | Injection |
9 | Login Bender | Injection |
10 | Forged Feedback | Broken Access Control |
# | Flag | Box |
---|---|---|
1 | DOM XSS | XSS |
2 | Bonus Payload | XSS |
3 | Repetitive Registration | Improper Input Validation |
4 | Score Board | Miscellaneous |
5 | Error Handling | Security Misconfiguration |
6 | Zero Stars | Improper Input Validation |
7 | Empty User Registration | Improper Input Validation |
8 | Login Admin | Injection |
9 | Password Strength | Broken Authentication |
10 | Confidential Document | Sensitive Data Exposure |
11 | Exposed Metrics | Sensitive Data Exposure |
12 | Admin Section | Broken Access Control |
13 | Five-Star Feedback | Broken Access Control |
14 | Outdated Allowlist | Unvalidated Redirects |
# | Flag | Box |
---|---|---|
1 | Score Board | Miscellaneous |
2 | DOM XSS | XSS |
3 | Bonus Payload | XSS |
4 | Privacy Policy | Miscellaneous |
5 | Login Admin | Injection |
6 | Password Strength | Broken Authentication |
7 | View Basket | Broken Access Control |