Web - Server Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse them!

These challenges are designed to train users on HTML, HTTP and other server side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as : Basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc. ...

Prerequisites:
 Understand HTML.
 Understand the HTTP protocol.
 Ability to manipulate a web browser.

challenges 92 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide HTML - Source code 49% 158250 5 g0uZ 5 3 October 2006
pas_valide HTTP - IP restriction bypass 8% 24129 10 Cyrhades 7 23 March 2021
pas_valide HTTP - Open redirect 19% 61973 10 Swissky 10 2 August 2017
pas_valide HTTP - User-agent 24% 78163 10 g0uZ 10 3 October 2006
pas_valide Weak password 32% 103156 10 g0uZ 7 3 October 2006
pas_valide PHP - Command injection 19% 61385 10 sambecks 10 20 September 2017
pas_valide API - Broken Access 1% 1681 15 Nishacid , Mika 2 18 January 2024
pas_valide Backup file 16% 51431 15 g0uZ 10 27 February 2011
pas_valide HTTP - Directory indexing 23% 72740 15 g0uZ 7 7 October 2006
pas_valide HTTP - Headers 16% 51281 15 Arod 9 11 January 2015
pas_valide HTTP - POST 14% 45867 15 Th1b4ud 10 14 August 2018
pas_valide HTTP - Improper redirect 13% 39864 15 Arod 10 26 November 2014
pas_valide HTTP - Verb tampering 14% 43490 15 g0uZ 10 3 February 2011
pas_valide Install files 13% 41211 15 g0uZ 6 7 October 2006
pas_valide API - Mass Assignment 1% 1157 20 Nishacid , Mika 2 18 January 2024
pas_valide CRLF 10% 30031 20 g0uZ 7 31 July 2011
pas_valide File upload - Double extensions 11% 32910 20 g0uZ 10 24 December 2012
pas_valide File upload - MIME type 8% 26247 20 g0uZ 10 26 December 2012
pas_valide Flask - Unsecure session 1% 1420 20 Sanlokii 1 29 November 2023
pas_valide GraphQL - Introspection 1% 2857 20 apges01 4 19 January 2023
pas_valide HTTP - Cookies 14% 42925 20 g0uZ 8 7 October 2006
pas_valide Insecure Code Management 4% 12594 20 Swissky 6 29 September 2019
pas_valide JWT - Introduction 5% 15592 20 Kn0wledge 5 21 August 2019
pas_valide XSS - Server Side 1% 1775 20 Elf 3 23 June 2023
pas_valide Directory traversal 11% 33281 25 g0uZ 3 31 July 2011
pas_valide File upload - Null byte 7% 22479 25