Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse them!

These challenges are designed to train users on HTML, HTTP and other server-side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as the basic workings of multiple authentication mechanisms, handling form data, the inner workings of web applications, etc.

Prerequisites:
- Understand HTML.
- Understand the HTTP protocol.
- Ability to manipulate a web browser.

Challenges associated with this section: 57 challenges

Results Challenge's Name Validations Number of points Difficulty Author Note Solution
pas_valide HTML 50% 52792 5 g0uZ 3
pas_valide HTTP - Open redirect 15% 15247 10 Swissky 10
pas_valide Command injection 14% 14663 10 sambecks 10
pas_valide Weak password 38% 40313 10 g0uZ 5
pas_valide User-agent 26% 27311 10 g0uZ 10
pas_valide Backup file 20% 20478 15 g0uZ 6
pas_valide HTTP - POST 6% 6304 15 Th1b4ud 9
pas_valide HTTP directory indexing 26% 27608 15 g0uZ 4
pas_valide HTTP Headers 17% 18079 15 Arod 8
pas_valide HTTP verb tampering 16% 16855 15 g0uZ 10
pas_valide Install files 17% 17292 15 g0uZ 2
pas_valide Improper redirect 13% 13624 15 Arod 9
pas_valide CRLF 11% 10688 20 g0uZ 6
pas_valide File upload - double extensions 12% 12641 20 g0uZ 8
pas_valide File upload - MIME type 10% 9654 20 g0uZ 7
pas_valide HTTP cookies 15% 15456 20 g0uZ 5
pas_valide Directory traversal 13% 13097 25 g0uZ 3
pas_valide File upload - null byte 9% 9103 25 g0uZ 4
pas_valide PHP assert() 5% 4754 25 Birdy42 8
pas_valide PHP filters 8% 8126 25 g0uZ 3
pas_valide PHP register globals 7% 6730 25 g0uZ 1
pas_valide File upload - ZIP 3% 2323 30 ghozt 3
pas_valide Command injection - Filter bypass 2% 1790 30 sambecks 6
pas_valide Local File Inclusion 10% 10392 30 g0uZ 3
pas_valide Local File Inclusion - Double encoding 5% 4797 30 zM 3
pas_valide PHP - Loose Comparison 2% 1776 30 ghozt 4
pas_valide PHP preg_replace() 4% 3756 30 sambecks 4
pas_valide PHP type juggling 4% 3512 30 vic511 4
pas_valide Remote File Inclusion 5% 4543 30 g0uZ 8
pas_valide Server-side Template Injection 4% 3717 30 righettod 3
pas_valide SQL injection - authentication 14% 14741 30 g0uZ 11
pas_valide SQL injection - authentication - GBK 3% 2796 30 dvor4x 3
pas_valide SQL injection - string 7% 6825 30 g0uZ 8
pas_valide XSLT - Code execution 1% 981 30 ghozt 5
pas_valide LDAP injection - authentication 4% 4249 35 g0uZ 8
pas_valide NoSQL injection - authentication 3% 3039 35 mastho 7
pas_valide Path Truncation 3% 2195 35 Geluchat 3
pas_valide PHP Serialization 3% 2931 35 Arod 2
pas_valide SQL injection - numeric 6% 5421 35 g0uZ 6
pas_valide SQL Injection - Routed 2% 1290 35 soka 5
pas_valide SQL Truncation 3% 2437 35 Geluchat 2
pas_valide XML External Entity 2% 1709 35 sambecks 1
pas_valide XPath injection - authentication 3% 3169 35 g0uZ 4
pas_valide Java - Spring Boot 1% 673 40 dvor4x 2
pas_valide Local File Inclusion - Wrappers 1% 1067 40 sambecks 2
pas_valide PHP - Eval 1% 365 40 chmod 3
pas_valide SQL injection - Error 3% 2486 40 sambecks 4
pas_valide SQL injection - Insert 1% 1016 40 sambecks 2
pas_valide SQL injection - file reading 2% 1997 40 Arod 2
pas_valide XPath injection - string 2% 1696 40 g0uZ 4
pas_valide NoSQL injection - blind 1% 979 45 ghozt 3
pas_valide SQL injection - Time based 2% 1816 45 ycam 2
pas_valide Server Side Request Forgery 1% 216 50 sambecks 3
pas_valide SQL injection - blind 3% 3137 50 g0uZ 4
pas_valide LDAP injection - blind 2% 1225 55 g0uZ 1
pas_valide XPath injection - blind 1% 785 75 g0uZ 3
pas_valide SQL injection - filter bypass 1% 724 80 sambecks 5

Challenge Results

Username Challenge Lang Date
whiteheart   Command injection en 19 December 2018 at 08:16
traning   HTML en 19 December 2018 at 08:16
muky   Command injection en 19 December 2018 at 08:14
Renuka   HTTP Headers en 19 December 2018 at 08:10
nnnr   Directory traversal fr 19 December 2018 at 08:05
SAIDI   HTTP - Open redirect fr 19 December 2018 at 08:00
nnnr   File upload - double extensions fr 19 December 2018 at 07:56
boz   HTTP directory indexing en 19 December 2018 at 07:49
boz   HTTP - POST en 19 December 2018 at 07:46
nnnr   File upload - null byte fr 19 December 2018 at 07:45