Web - Server Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse them!

These challenges are designed to train users on HTML, HTTP and other server side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as : Basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc. ...

Prerequisites:
 Understand HTML.
 Understand the HTTP protocol.
 Ability to manipulate a web browser.

challenges 97 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide Ruby on Rails - ransack 1% 49 30 koma 0 23 June 2025
pas_valide Nginx - Alias Misconfiguration 1% 3290 15 .Yo0x 3 27 September 2024
pas_valide Nginx - Root Location Misconfiguration 1% 1582 15 .Yo0x 1 27 September 2024
pas_valide Nginx - SSRF Misconfiguration 1% 376 30 .Yo0x 1 27 September 2024
pas_valide Python - dotenv 1% 125 70 jrjgjk 1 27 September 2024
pas_valide API - Broken Access 2 1% 640 40 Nishacid , Mika 1 18 January 2024
pas_valide API - Mass Assignment 1% 3669 20 Nishacid , Mika 2 18 January 2024
pas_valide API - Broken Access 2% 6018 15 Nishacid , Mika 4 18 January 2024
pas_valide Java - Custom gadget deserialization 1% 246 50 Elweth 0 28 December 2023
pas_valide Flask - Unsecure session 1% 3213 20 Sanlokii 1 29 November 2023
pas_valide Elixir - EEx 1% 388 35 lolo42 1 29 November 2023
pas_valide Flask - Development server 1% 1218 30 Sanlokii 1 29 November 2023
pas_valide SQL Injection - Second Order 1% 269 55 k4ndar3c 1 29 November 2023
pas_valide XSS - Server Side 1% 3215 20 Elf 4 23 June 2023
pas_valide JWT - Unsecure Key Handling 1% 950 35 Nishacid , Mika 5 23 February 2023
pas_valide JWT - Header Injection 1% 1434 30 Nishacid , Mika 2 23 February 2023
pas_valide JWT - Unsecure File Signature 1% 2659 25 Nishacid , Mika 3 23 February 2023
pas_valide GraphQL - Backend injection 1% 507 40 apges01 1 19 January 2023
pas_valide GraphQL - Injection 1% 936 30 apges01 2 19 January 2023
pas_valide GraphQL - Introspection 2% 4256 20 apges01 4 19 January 2023
pas_valide File upload - Polyglot 1% 531 45 Cyxo 1 8 July 2022
pas_valide PHP - Eval - Advanced filters bypass 1% 674 40 Podalirius 2 8 July 2022
pas_valide PHP - Apache configuration 1% 2749 25 erk3 , nemoz 4 8 July 2022
pas_valide PHP - Unserialize Pop Chain 1% 778 55 Worty 2 22 October 2021