Web - Server Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse them!

These challenges are designed to train users on HTML, HTTP and other server side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as : Basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc. ...

Prerequisites:
 Understand HTML.
 Understand the HTTP protocol.
 Ability to manipulate a web browser.

challenges 92 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide HTML - Source code 49% 157653 5 g0uZ 5 3 October 2006
pas_valide HTTP - IP restriction bypass 8% 23843 10 Cyrhades 7 23 March 2021
pas_valide HTTP - Open redirect 19% 61706 10 Swissky 10 2 August 2017
pas_valide HTTP - User-agent 24% 77872 10 g0uZ 10 3 October 2006
pas_valide Weak password 32% 102765 10 g0uZ 7 3 October 2006
pas_valide PHP - Command injection 19% 61107 10 sambecks 10 20 September 2017
pas_valide API - Broken Access 1% 1536 15 Nishacid , Mika 2 18 January 2024
pas_valide Backup file 16% 51264 15 g0uZ 10 27 February 2011
pas_valide HTTP - Directory indexing 23% 72516 15 g0uZ 7 7 October 2006
pas_valide HTTP - Headers 16% 51086 15 Arod 9 11 January 2015
pas_valide HTTP - POST 14% 45673 15 Th1b4ud 10 14 August 2018
pas_valide HTTP - Improper redirect 13% 39715 15 Arod 10 26 November 2014
pas_valide HTTP - Verb tampering 14% 43325 15 g0uZ 10 3 February 2011
pas_valide Install files 13% 41076 15 g0uZ 6 7 October 2006
pas_valide API - Mass Assignment 1% 1065 20 Nishacid , Mika 2 18 January 2024
pas_valide CRLF 10% 29905 20 g0uZ 7 31 July 2011
pas_valide File upload - Double extensions 11% 32812 20 g0uZ 10 24 December 2012
pas_valide File upload - MIME type 8% 26148 20 g0uZ 10 26 December 2012
pas_valide Flask - Unsecure session 1% 1335 20 Sanlokii 1 29 November 2023
pas_valide GraphQL - Introspection 1% 2806 20 apges01 4 19 January 2023
pas_valide HTTP - Cookies 14% 42773 20 g0uZ 8 7 October 2006
pas_valide Insecure Code Management 4% 12537 20 Swissky 6 29 September 2019
pas_valide JWT - Introduction 5% 15457 20 Kn0wledge 5 21 August 2019
pas_valide XSS - Server Side 1% 1706 20 Elf 3 23 June 2023
pas_valide Directory traversal 11% 33185 25 g0uZ 3 31 July 2011
pas_valide File upload - Null byte 7%