Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse them!

These challenges are designed to train users on HTML, HTTP and other server-side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as the basic workings of multiple authentication mechanisms, handling form data, and the inner workings of web applications.

Prerequisites:
- Understand HTML.
- Understand the HTTP protocol.
- Ability to manipulate a web browser.

Challenges associated with this section: 49 Challenges

| Results | Challenge's Name | Validations | Number of points | Difficulty | Author | Note | Solution |
|---|---|---|---|---|---|---|---|
| Not validated | HTML | 51% 29542 | 5 | | g0uZ | | 1 |
| Not validated | Weak password | 43% 24626 | 10 | | g0uZ | | 3 |
| Not validated | User-agent | 27% 15578 | 10 | | g0uZ | | 12 |
| Not validated | Backup file | 21% 11919 | 15 | | g0uZ | | 5 |
| Not validated | HTTP directory indexing | 28% 16180 | 15 | | g0uZ | | 5 |
| Not validated | HTTP Headers | 17% 9707 | 15 | | Arod | | 6 |
| Not validated | HTTP verb tampering | 17% 9561 | 15 | | g0uZ | | 12 |
| Not validated | Install files | 18% 10158 | 15 | | g0uZ | | 2 |
| Not validated | Improper redirect | 13% 7395 | 15 | | Arod | | 11 |
| Not validated | CRLF | 11% 5844 | 20 | | g0uZ | | 2 |
| Not validated | File upload - double extensions | 13% 7189 | 20 | | g0uZ | | 5 |
| Not validated | File upload - MIME type | 10% 5493 | 20 | | g0uZ | | 6 |
| Not validated | HTTP cookies | 16% 8907 | 20 | | g0uZ | | 5 |
| Not validated | Directory traversal | 13% 7393 | 25 | | g0uZ | | 2 |
| Not validated | File upload - null byte | 9% 5232 | 25 | | g0uZ | | 3 |
| Not validated | PHP assert() | 3% 1587 | 25 | | Birdy42 | | 8 |
| Not validated | PHP filters | 9% 4865 | 25 | | g0uZ | | 4 |
| Not validated | PHP register globals | 7% 3838 | 25 | | g0uZ | | 2 |
| Not validated | Local File Inclusion | 11% 6170 | 30 | | g0uZ | | 1 |
| Not validated | Local File Inclusion - Double encoding | 5% 2457 | 30 | | zM | | 3 |
| Not validated | PHP preg_replace() | 4% 1977 | 30 | | sambecks | | 9 |
| Not validated | PHP type juggling | 4% 2019 | 30 | | vic511 | | 6 |
| Not validated | Remote File Inclusion | 5% 2657 | 30 | | g0uZ | | 12 |
| Not validated | Server-side Template Injection | 4% 2025 | 30 | | righettod | | 5 |
| Not validated | SQL injection - authentication | 16% 8776 | 30 | | g0uZ | | 10 |
| Not validated | SQL injection - authentication - GBK | 3% 1226 | 30 | | dvor4x | | 7 |
| Not validated | SQL injection - string | 8% 4161 | 30 | | g0uZ | | 6 |
| Not validated | XSLT - Code execution | 1% 118 | 30 | | ghozt | | 3 |
| Not validated | LDAP injection - authentication | 5% 2672 | 35 | | g0uZ | | 5 |
| Not validated | NoSQL injection - authentication | 4% 1754 | 35 | | mastho | | 6 |
| Not validated | Path Truncation | 3% 1174 | 35 | | Geluchat | | 3 |
| Not validated | PHP Serialization | 4% 1912 | 35 | | Arod | | 4 |
| Not validated | SQL injection - numeric | 6% 3406 | 35 | | g0uZ | | 3 |
| Not validated | SQL Injection - Routed | 1% 420 | 35 | | soka | | 7 |
| Not validated | SQL Truncation | 3% 1445 | 35 | | Geluchat | | 3 |
| Not validated | XML External Entity | 2% 930 | 35 | | sambecks | | 1 |
| Not validated | XPath injection - authentication | 4% 2035 | 35 | | g0uZ | | 7 |
| Not validated | Java - Spring Boot | 1% 293 | 40 | | dvor4x | | 5 |
| Not validated | Local File Inclusion - Wrappers | 1% 532 | 40 | | sambecks | | 4 |
| Not validated | SQL injection - Error | 3% 1265 | 40 | | sambecks | | 6 |
| Not validated | SQL injection - Insert | 2% 639 | 40 | | sambecks | | 9 |
| Not validated | SQL injection - file reading | 2% 1046 | 40 | | Arod | | 5 |
| Not validated | XPath injection - string | 2% 1112 | 40 | | g0uZ | | 8 |
| Not validated | NoSQL injection - blind | 1% 431 | 45 | | ghozt | | 11 |
| Not validated | SQL injection - Time based | 2% 846 | 45 | | ycam | | 3 |
| Not validated | SQL injection - blind | 4% 2166 | 50 | | g0uZ | | 9 |
| Not validated | LDAP injection - blind | 2% 797 | 55 | | g0uZ | | 10 |
| Not validated | XPath injection - blind | 1% 453 | 75 | | g0uZ | | 4 |
| Not validated | SQL injection - filter bypass | 1% 422 | 80 | | sambecks | | 4 |

Challenge Results

| Pseudo | Challenge | Lang | Date |
|---|---|---|---|
| onxrt | PHP type juggling | en | 25 July 2017 at 09:28 |
| Thanh Loc | HTTP verb tampering | en | 25 July 2017 at 09:27 |
| bus7d | File upload - null byte | fr | 25 July 2017 at 09:18 |
| NitriKx | HTTP Headers | en | 25 July 2017 at 09:16 |
| illumineus | User-agent | fr | 25 July 2017 at 09:13 |
| eazoo | SQL injection - string | es | 25 July 2017 at 09:02 |
| Dloomad | SQL injection - authentication - GBK | fr | 25 July 2017 at 08:52 |
| illumineus | Weak password | fr | 25 July 2017 at 08:48 |
| illumineus | HTML | fr | 25 July 2017 at 08:46 |
| gmolveau | XSLT - Code execution | fr | 25 July 2017 at 08:38 |