Web - Server Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse them!

These challenges are designed to train users on HTML, HTTP and other server side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as : Basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc. ...

Prerequisites:
 Understand HTML.
 Understand the HTTP protocol.
 Ability to manipulate a web browser.

challenges 96 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide Python - dotenv 1% 99 70 jrjgjk 0 27 September 2024
pas_valide Java - Custom gadget deserialization 1% 220 50 Elweth 0 28 December 2023
pas_valide SQL Injection - Second Order 1% 248 55 k4ndar3c 1 29 November 2023
pas_valide Nginx - SSRF Misconfiguration 1% 273 30 .Yo0x 0 27 September 2024
pas_valide Elixir - EEx 1% 360 35 lolo42 1 29 November 2023
pas_valide GraphQL - Backend injection 1% 482 40 apges01 1 19 January 2023
pas_valide File upload - Polyglot 1% 511 45 Cyxo 1 8 July 2022
pas_valide NodeJS - Prototype Pollution Bypass 1% 578 45 Worty 1 22 October 2021
pas_valide API - Broken Access 2 1% 592 40 Nishacid , Mika 1 18 January 2024
pas_valide PHP - Eval - Advanced filters bypass 1% 648 40 Podalirius 2 8 July 2022
pas_valide Python - Blind SSTI Filters Bypass 1% 713 75 Podalirius 5 7 September 2021
pas_valide PHP - Unserialize Pop Chain 1% 748 55 Worty 2 22 October 2021
pas_valide NodeJS - vm escape 1% 795 50 Podalirius 1 15 April 2021
pas_valide PHP - Unserialize overflow 1% 808 55 mayfly 2 4 April 2020
pas_valide GraphQL - Injection 1% 878 30 apges01 2 19 January 2023
pas_valide JWT - Unsecure Key Handling 1% 889 35 Nishacid , Mika 5 23 February 2023
pas_valide Nginx - Root Location Misconfiguration 1% 1115 15 .Yo0x 0 27 September 2024
pas_valide Flask - Development server 1% 1123 30 Sanlokii 1 29 November 2023
pas_valide JWT - Header Injection 1% 1356 30 Nishacid , Mika 2 23 February 2023
pas_valide Node - Serialize 1% 1360 35 Mhd_Root 2 24 February 2021
pas_valide Yaml - Deserialization 1% 1498 35 Nishacid 2 20 April 2021
pas_valide PHP - Remote Xdebug 1% 1548 25 mayfly 4 18 March 2020
pas_valide GraphQL - Mutation 1% 1631 40 CanardMandarin 2 20 October 2020
pas_valide Server Side Request Forgery 1% 1975 50 sambecks 7 22 June 2018
pas_valide Java - Spring Boot 1% 2399 40 dvor4x