Web - Client

Client-side technologies implemented in the web browser

At first you will be faced with problems that will require little to no knowledge of web scripting language. Pretty soon the plot thickens ...

These challenges confront you to the use of scripting languages and client-side programming. They are mostly scripts to analyze and understand. This will allow you to learn languages which are in widespread use on the internet.

Prerequisites:
– Understanding a scripting language such javascript/vbscript
– Understanding the operation of a debugger such firebug/javascript console

42 Challenges

Results	Name	Validations	Number of points	Difficulty	Author	Note	Solution	Date
	HTML - disabled buttons	44% 157143	5		Final		10	16 July 2017
	Javascript - Authentication	47% 165535	5		g0uZ		9	8 October 2006
	Javascript - Source	44% 156586	5		g0uZ		5	7 October 2006
	Javascript - Authentication 2	41% 144542	10		na5sim		4	3 February 2011
	Javascript - Obfuscation 1	39% 136965	10		Hel0ck		10	7 October 2006
	Javascript - Obfuscation 2	33% 118428	10		Hel0ck		8	3 February 2011
	Javascript - Native code	25% 87799	15		g0uZ		8	13 March 2011
	Javascript - Webpack	8% 27608	15		CanardMandarin		3	11 August 2020
	Javascript - Obfuscation 3	18% 64706	30		Hel0ck		10	4 February 2011
	XSS - Stored 1	12% 41342	30		g0uZ		10	3 March 2012
	AST - Deobfuscation	1% 1870	35		mhoste , Lxt3h		2	27 June 2023
	CSP Bypass - Inline code	2% 5799	35		CanardMandarin		8	27 October 2020
	CSP Bypass - Nonce 2	1% 596	35		Ruulian		1	27 June 2023
	CSRF - 0 protection	6% 21023	35		sambecks		8	16 February 2016
	Web Socket - 0 protection	1% 933	35		Worty		1	22 October 2021
	XSS DOM Based - Introduction	2% 6173	35		Ruulian		4	12 August 2021
	Flash - Authentication	2% 6444	40		koma		1	18 June 2012
	XSS DOM Based - AngularJS	1% 2662	40		Ruulian		3	12 August 2021
	XSS DOM Based - Eval	1% 2982	40		Ruulian		5	12 August 2021
	CSP Bypass - Dangling markup	1% 1800	45		CanardMandarin		1	27 October 2020
	CSP Bypass - JSONP	1% 1452	45		CanardMandarin		5	27 October 2020
	CSRF - token bypass	3% 7480	45		sambecks		8	18 February 2016
	XSS - Reflected	2% 6462	45		pickle		6	16 March 2018
	CSP Bypass - Dangling markup 2	1% 1487	50		CanardMandarin		1	27 October 2020
	CSP Bypass - Nonce	1% 1061	50		Ruulian		4	8 April 2022
	CSS - Exfiltration	1% 662	50		Forgi , gwel		1	8 April 2022
	Javascript - Obfuscation 4	2% 6946	50		aaSSfxxx		5	18 July 2011
	Relative Path Overwrite	1% 178	50		Mizu		1	28 July 2023
	XSS - Stored 2	3% 9576	50		g0uZ		7	4 March 2012
	XSS DOM Based - Filters Bypass	1% 1548	50		Ruulian		7	12 August 2021
	Self XSS - DOM Secrets	1% 248	55		Mizu		3	28 July 2023
	CSPT - The Ruler	1% 37	60		Rolix , Mizu		0	27 September 2024
	DOM Clobbering	1% 394	60		Mizu		1	8 April 2022
	Javascript - Obfuscation 6	1% 115	60		n3rada		0	27 April 2023
	Self XSS - Race Condition	1% 93	60		Mizu		1	28 July 2023
	Browser - bfcache / disk cache	1% 62	65		Mizu		0	28 July 2023
	HTTP Response Splitting	1% 2444	70		Arod		3	7 November 2013
	Javascript - Obfuscation 5	1% 802	70		Hel0ck		3	4 February 2011
	XS Leaks	1% 195	75		Mizu		1	8 April 2022
	XSS - Stored - filter bypass	1% 1555	80		Arod , sambecks		8	2 January 2016
	XSS - DOM Based	1% 865	85		vic		6	24 December 2016
	Same Origin Method Execution	1% 43	90		Mizu		0	28 July 2023

Challenge Results

Pseudo	Challenge	Lang	Date
AllTx	CSP Bypass - Inline code		17 April 2025 at 09:44
4na	XSS - Stockée 1		17 April 2025 at 09:36
candice	Javascript - Obfuscation 2		17 April 2025 at 09:34
Ohma_rbk	CSRF - 0 protection		17 April 2025 at 09:29
candice	Javascript - Obfuscation 1		17 April 2025 at 09:27
ambruchan	HTML - boutons désactivés		17 April 2025 at 09:27
AllTx	AST - Deobfuscation		17 April 2025 at 09:23
Talace	CSP Bypass - JSONP		17 April 2025 at 09:21
candice	Javascript - Authentification 2		17 April 2025 at 09:16
ken	CSRF - 0 protection		17 April 2025 at 09:04