Web - Server Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse them!

These challenges are designed to train users on HTML, HTTP and other server side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as : Basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc. ...

Prerequisites:
 Understand HTML.
 Understand the HTTP protocol.
 Ability to manipulate a web browser.

challenges 96 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide Nginx - SSRF Misconfiguration 1% 267 30 .Yo0x 0 27 September 2024
pas_valide Python - dotenv 1% 94 70 jrjgjk 0 27 September 2024
pas_valide Nginx - Root Location Misconfiguration 1% 1071 15 .Yo0x 0 27 September 2024
pas_valide Java - Custom gadget deserialization 1% 215 50 Elweth 0 28 December 2023
pas_valide Flask - Unsecure session 1% 3019 20 Sanlokii 1 29 November 2023
pas_valide API - Broken Access 2 1% 584 40 Nishacid , Mika 1 18 January 2024
pas_valide File upload - Polyglot 1% 509 45 Cyxo 1 8 July 2022
pas_valide Elixir - EEx 1% 359 35 lolo42 1 29 November 2023
pas_valide NodeJS - Prototype Pollution Bypass 1% 577 45 Worty 1 22 October 2021
pas_valide NodeJS - vm escape 1% 793 50 Podalirius 1 15 April 2021
pas_valide SQL Injection - Second Order 1% 246 55 k4ndar3c 1 29 November 2023
pas_valide GraphQL - Backend injection 1% 481 40 apges01 1 19 January 2023
pas_valide Flask - Development server 1% 1118 30 Sanlokii 1 29 November 2023
pas_valide GraphQL - Mutation 1% 1630 40 CanardMandarin 2 20 October 2020
pas_valide XML External Entity 2% 5802 35 sambecks 2 20 October 2014
pas_valide JWT - Header Injection 1% 1347 30 Nishacid , Mika 2 23 February 2023
pas_valide PHP - register globals 5% 16202 25 g0uZ 2 8 October 2011
pas_valide Yaml - Deserialization 1% 1491 35 Nishacid 2 20 April 2021
pas_valide PHP - Eval - Advanced filters bypass 1% 647 40 Podalirius 2 8 July 2022
pas_valide SQL Truncation 2% 6958 35 Geluchat 2 1 May 2015
pas_valide GraphQL - Injection 1% 873 30 apges01 2 19 January 2023
pas_valide LDAP injection - Blind 1% 3553 55 g0uZ 2 8 June 2013
pas_valide API - Mass Assignment 1% 3384 20 Nishacid , Mika 2 18 January 2024
pas_valide Node - Serialize 1% 1357 35 Mhd_Root 2 24 February 2021
pas_valide Nginx - Alias Misconfiguration 1% 2903 15 .Yo0x 2 27 September 2024