Web - Client

Client-side technologies implemented in the web browser

At first you will be faced with problems that will require little to no knowledge of web scripting language. Pretty soon the plot thickens ...

These challenges confront you to the use of scripting languages and client-side programming. They are mostly scripts to analyze and understand. This will allow you to learn languages which are in widespread use on the internet.

Prerequisites:
– Understanding a scripting language such javascript/vbscript
– Understanding the operation of a debugger such firebug/javascript console

42 Challenges

Results	Name	Validations ↓↑	Number of points	Difficulty	Author	Note	Solution	Date
	Same Origin Method Execution	1% 45	90		Mizu		0	28 July 2023
	CSPT - The Ruler	1% 55	60		Rolix , Mizu		0	27 September 2024
	Browser - bfcache / disk cache	1% 66	65		Mizu		0	28 July 2023
	Self XSS - Race Condition	1% 102	60		Mizu		1	28 July 2023
	Javascript - Obfuscation 6	1% 121	60		n3rada		0	27 April 2023
	Relative Path Overwrite	1% 189	50		Mizu		1	28 July 2023
	XS Leaks	1% 199	75		Mizu		1	8 April 2022
	Self XSS - DOM Secrets	1% 260	55		Mizu		3	28 July 2023
	DOM Clobbering	1% 412	60		Mizu		1	8 April 2022
	CSP Bypass - Nonce 2	1% 631	35		Ruulian		1	27 June 2023
	CSS - Exfiltration	1% 680	50		Forgi , gwel		1	8 April 2022
	Javascript - Obfuscation 5	1% 811	70		Hel0ck		3	4 February 2011
	XSS - DOM Based	1% 871	85		vic		6	24 December 2016
	Web Socket - 0 protection	1% 950	35		Worty		1	22 October 2021
	CSP Bypass - Nonce	1% 1105	50		Ruulian		4	8 April 2022
	CSP Bypass - JSONP	1% 1484	45		CanardMandarin		5	27 October 2020
	CSP Bypass - Dangling markup 2	1% 1522	50		CanardMandarin		1	27 October 2020
	XSS - Stored - filter bypass	1% 1574	80		Arod , sambecks		8	2 January 2016
	XSS DOM Based - Filters Bypass	1% 1589	50		Ruulian		7	12 August 2021
	CSP Bypass - Dangling markup	1% 1837	45		CanardMandarin		1	27 October 2020
	AST - Deobfuscation	1% 2025	35		mhoste , Lxt3h		2	27 June 2023
	HTTP Response Splitting	1% 2462	70		Arod		3	7 November 2013
	XSS DOM Based - AngularJS	1% 2752	40		Ruulian		3	12 August 2021
	XSS DOM Based - Eval	1% 3086	40		Ruulian		5	12 August 2021
	CSP Bypass - Inline code	2% 5931	35		CanardMandarin		8	27 October 2020
	XSS DOM Based - Introduction	2% 6353	35		Ruulian		4	12 August 2021
	Flash - Authentication	2% 6483	40		koma		1	18 June 2012
	XSS - Reflected	2% 6575	45		pickle		6	16 March 2018
	Javascript - Obfuscation 4	2% 7032	50		aaSSfxxx		5	18 July 2011
	CSRF - token bypass	3% 7561	45		sambecks		8	18 February 2016
	XSS - Stored 2	3% 9703	50		g0uZ		7	4 March 2012
	CSRF - 0 protection	6% 21259	35		sambecks		8	16 February 2016
	Javascript - Webpack	8% 28038	15		CanardMandarin		3	11 August 2020
	XSS - Stored 1	12% 41868	30		g0uZ		10	3 March 2012
	Javascript - Obfuscation 3	18% 65249	30		Hel0ck		10	4 February 2011
	Javascript - Native code	25% 88576	15		g0uZ		8	13 March 2011
	Javascript - Obfuscation 2	33% 119521	10		Hel0ck		8	3 February 2011
	Javascript - Obfuscation 1	39% 138179	10		Hel0ck		10	7 October 2006
	Javascript - Authentication 2	41% 145868	10		na5sim		4	3 February 2011
	Javascript - Source	44% 158015	5		g0uZ		5	7 October 2006
	HTML - disabled buttons	44% 158869	5		Final		10	16 July 2017
	Javascript - Authentication	46% 167051	5		g0uZ		9	8 October 2006

Challenge Results

Pseudo	Challenge	Lang	Date
landravager	XSS - Stored 1		6 June 2025 at 17:45
soufou	XSS DOM Based - Introduction		6 June 2025 at 17:43
soufou	CSRF - 0 protection		6 June 2025 at 17:15
qwerty123	Javascript - Source		6 June 2025 at 17:13
soufou	CSP Bypass - Nonce		6 June 2025 at 17:00
yafong	XSS DOM Based - Eval		6 June 2025 at 16:57
Xeo	Javascript - Source		6 June 2025 at 16:51
Xeo	Javascript - Authentification		6 June 2025 at 16:50
Dazax	Javascript - Obfuscation 2		6 June 2025 at 16:46
Xeo	HTML - boutons désactivés		6 June 2025 at 16:45