Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse it!

These challenges are designed to train users on HTML, HTTP and other server side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as : Basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc. ...

Prerequisites:
- Understand HTML.
- Understand the HTTP protocol.
- Ability to manipulate a web browser.

Challenges associated with this section 57 Challenges

Results Challenge's Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution
pas_valide HTML - source code 49% 68012 5 g0uZ 3
pas_valide HTTP - Open redirect 16% 22391 10 Swissky 10
pas_valide HTTP - User-agent 25% 34084 10 g0uZ 10
pas_valide Weak password 35% 49294 10 g0uZ 5
pas_valide PHP - Command injection 16% 21825 10 sambecks 10
pas_valide Backup file 18% 24847 15 g0uZ 7
pas_valide HTTP - directory indexing 25% 33914 15 g0uZ 4
pas_valide HTTP - Headers 16% 22538 15 Arod 8
pas_valide HTTP - POST 10% 13232 15 Th1b4ud 10
pas_valide HTTP - Improper redirect 13% 17080 15 Arod 10
pas_valide HTTP - verb tampering 15% 20698 15 g0uZ 10
pas_valide Install files 15% 20830 15 g0uZ 2
pas_valide CRLF 10% 13277 20 g0uZ 6
pas_valide File upload - double extensions 11% 15341 20 g0uZ 9
pas_valide File upload - MIME type 9% 11843 20 g0uZ 7
pas_valide HTTP - cookies 14% 18966 20 g0uZ 7
pas_valide Directory traversal 12% 16016 25 g0uZ 3
pas_valide File upload - null byte 8% 11150 25 g0uZ 4
pas_valide PHP - assert() 5% 6254 25 Birdy42 8
pas_valide PHP - filters 7% 9833 25 g0uZ 3
pas_valide PHP - register globals 6% 8187 25 g0uZ 1
pas_valide File upload - ZIP 3% 3520 30 ghozt 3
pas_valide Command injection - Filter bypass 2% 2575 30 sambecks 6
pas_valide Java - Server-side Template Injection 4% 4515 30 righettod 3
pas_valide Local File Inclusion 9% 12563 30 g0uZ 3
pas_valide Local File Inclusion - Double encoding 5% 5939 30 zM 3
pas_valide PHP - Loose Comparison 2% 2694 30 ghozt 4
pas_valide PHP - preg_replace() 4% 4546 30 sambecks 4
pas_valide PHP - type juggling 4% 4366 30 vic 4
pas_valide Remote File Inclusion 4% 5390 30 g0uZ 8
pas_valide SQL injection - authentication 13% 18022 30 g0uZ 11
pas_valide SQL injection - authentication - GBK 3% 3681 30 dvor4x 3
pas_valide SQL injection - string 6% 8245 30 g0uZ 8
pas_valide XSLT - Code execution 1% 1387 30 ghozt 5
pas_valide LDAP injection - authentication 4% 4998 35 g0uZ 8
pas_valide NoSQL injection - authentication 3% 3683 35 mastho 7
pas_valide PHP - Path Truncation 2% 2740 35 Geluchat 4
pas_valide PHP - Serialization 3% 3477 35 Arod 2
pas_valide SQL injection - numeric 5% 6417 35 g0uZ 6
pas_valide SQL Injection - Routed 2% 1752 35 soka 5
pas_valide SQL Truncation 3% 2983 35 Geluchat 2
pas_valide XML External Entity 2% 2213 35 sambecks 2
pas_valide XPath injection - authentication 3% 3764 35 g0uZ 4
pas_valide Java - Spring Boot 1% 919 40 dvor4x 2
pas_valide Local File Inclusion - Wrappers 1% 1374 40 sambecks 4
pas_valide PHP - Eval 1% 973 40 chmod 9
pas_valide SQL injection - Error 3% 3017 40 sambecks 4
pas_valide SQL injection - Insert 1% 1299 40 sambecks 3
pas_valide SQL injection - file reading 2% 2360 40 Arod 2
pas_valide XPath injection - string 2% 1981 40 g0uZ 4
pas_valide NoSQL injection - blind 1% 1256 45 ghozt 5
pas_valide SQL injection - Time based 2% 2205 45 ycam 2
pas_valide Server Side Request Forgery 1% 410 50 sambecks 3
pas_valide SQL injection - blind 3% 3533 50 g0uZ 4
pas_valide LDAP injection - blind 2% 1456 55 g0uZ 1
pas_valide XPath injection - blind 1% 957 75 g0uZ 4
pas_valide SQL injection - filter bypass 1% 924 80 sambecks 5

Challenge Results Challenge Results

Pseudo Challenge Lang date
abubu   Weak password en 22 July 2019 at 04:15
abubu   SQL injection - authentication en 22 July 2019 at 04:14
Acetylated Heather   SQL injection - authentication en 22 July 2019 at 03:36
majinadrummer   Fichier de sauvegarde fr 22 July 2019 at 03:28
JoshuaSign   LDAP injection - en aveugle fr 22 July 2019 at 03:21
vdusart   HTTP - User-agent fr 22 July 2019 at 03:01
majinadrummer   HTTP - User-agent fr 22 July 2019 at 02:51
majinadrummer   HTTP - Open redirect fr 22 July 2019 at 02:47
Subtle   HTTP - Improper redirect en 22 July 2019 at 02:24
Subtle   HTTP - POST en 22 July 2019 at 02:21