Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse it!

These challenges are designed to train users on HTML, HTTP and other server-side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as: basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc.

Prerequisites:
- Understand HTML.
- Understand the HTTP protocol.
- Ability to manipulate a web browser.

Challenges associated with this section: 57 Challenges

Results Challenge's Name Validations Number of points Difficulty Author Note Solution
pas_valide HTML 49% 58594 5 g0uZ 3
pas_valide HTTP - Open redirect 15% 17663 10 Swissky 10
pas_valide Command injection 15% 17051 10 sambecks 10
pas_valide Weak password 37% 43532 10 g0uZ 5
pas_valide User-agent 25% 29481 10 g0uZ 10
pas_valide Backup file 19% 21870 15 g0uZ 6
pas_valide HTTP - POST 8% 8806 15 Th1b4ud 10
pas_valide HTTP directory indexing 25% 29665 15 g0uZ 4
pas_valide HTTP Headers 17% 19487 15 Arod 8
pas_valide HTTP verb tampering 16% 18100 15 g0uZ 10
pas_valide Install files 16% 18468 15 g0uZ 2
pas_valide Improper redirect 13% 14669 15 Arod 10
pas_valide CRLF 10% 11463 20 g0uZ 6
pas_valide File upload - double extensions 12% 13466 20 g0uZ 8
pas_valide File upload - MIME type 9% 10311 20 g0uZ 7
pas_valide HTTP cookies 14% 16520 20 g0uZ 6
pas_valide Directory traversal 12% 13964 25 g0uZ 3
pas_valide File upload - null byte 9% 9716 25 g0uZ 4
pas_valide PHP assert() 5% 5177 25 Birdy42 8
pas_valide PHP filters 8% 8646 25 g0uZ 3
pas_valide PHP register globals 6% 7176 25 g0uZ 1
pas_valide File upload - ZIP 3% 2676 30 ghozt 3
pas_valide Command injection - Filter bypass 2% 1992 30 sambecks 6
pas_valide Local File Inclusion 10% 10980 30 g0uZ 3
pas_valide Local File Inclusion - Double encoding 5% 5130 30 zM 3
pas_valide PHP - Loose Comparison 2% 2018 30 ghozt 4
pas_valide PHP preg_replace() 4% 3964 30 sambecks 4
pas_valide PHP type juggling 4% 3724 30 vic 4
pas_valide Remote File Inclusion 4% 4786 30 g0uZ 8
pas_valide Server-side Template Injection 4% 3932 30 righettod 3
pas_valide SQL injection - authentication 14% 15700 30 g0uZ 11
pas_valide SQL injection - authentication - GBK 3% 3092 30 dvor4x 3
pas_valide SQL injection - string 7% 7260 30 g0uZ 8
pas_valide XSLT - Code execution 1% 1094 30 ghozt 5
pas_valide LDAP injection - authentication 4% 4474 35 g0uZ 8
pas_valide NoSQL injection - authentication 3% 3225 35 mastho 7
pas_valide Path Truncation 2% 2339 35 Geluchat 3
pas_valide PHP Serialization 3% 3074 35 Arod 2
pas_valide SQL injection - numeric 5% 5728 35 g0uZ 6
pas_valide SQL Injection - Routed 2% 1406 35 soka 5
pas_valide SQL Truncation 3% 2589 35 Geluchat 2
pas_valide XML External Entity 2% 1849 35 sambecks 1
pas_valide XPath injection - authentication 3% 3368 35 g0uZ 4
pas_valide Java - Spring Boot 1% 737 40 dvor4x 2
pas_valide Local File Inclusion - Wrappers 1% 1134 40 sambecks 3
pas_valide PHP - Eval 1% 594 40 chmod 5
pas_valide SQL injection - Error 3% 2625 40 sambecks 4
pas_valide SQL injection - Insert 1% 1078 40 sambecks 3
pas_valide SQL injection - file reading 2% 2097 40 Arod 2
pas_valide XPath injection - string 2% 1759 40 g0uZ 4
pas_valide NoSQL injection - blind 1% 1034 45 ghozt 4
pas_valide SQL injection - Time based 2% 1922 45 ycam 2
pas_valide Server Side Request Forgery 1% 268 50 sambecks 3
pas_valide SQL injection - blind 3% 3251 50 g0uZ 4
pas_valide LDAP injection - blind 2% 1280 55 g0uZ 1
pas_valide XPath injection - blind 1% 821 75 g0uZ 3
pas_valide SQL injection - filter bypass 1% 758 80 sambecks 5

Challenge Results

Username Challenge Lang Date
gavaner   HTML en 16 February 2019 at 23:47
Goldht   HTML fr 16 February 2019 at 23:45
Callow   File upload - MIME type en 16 February 2019 at 23:44
P0l4ris   HTTP verb tampering fr 16 February 2019 at 23:41
snowbe   Command injection fr 16 February 2019 at 23:32
Wilmur   PHP preg_replace() en 16 February 2019 at 23:31
bouenou   XPath injection - authentication fr 16 February 2019 at 23:25
Aedianys   LDAP injection - blind fr 16 February 2019 at 23:24
armbar   File upload - MIME type fr 16 February 2019 at 23:17
Skikers78   SQL Injection - Routed fr 16 February 2019 at 23:14