Web - Client

Client-side technologies implemented in the web browser

At first you will be faced with problems that will require little to no knowledge of web scripting language. Pretty soon the plot thickens ...

These challenges confront you to the use of scripting languages and client-side programming. They are mostly scripts to analyze and understand. This will allow you to learn languages which are in widespread use on the internet.

Prerequisites:
– Understanding a scripting language such javascript/vbscript
– Understanding the operation of a debugger such firebug/javascript console

41 Challenges

Results	Name	Validations	Number of points	Difficulty	Author	Note ↓↑	Solution	Date
	Javascript - Obfuscation 5	1% 781	70		Hel0ck		3	4 February 2011
	Javascript - Webpack	8% 24878	15		CanardMandarin		3	11 August 2020
	Flash - Authentication	2% 6228	40		koma		1	18 June 2012
	Javascript - Obfuscation 4	2% 6588	50		aaSSfxxx		5	18 July 2011
	AST - Deobfuscation	1% 1121	35		mhoste , Lxt3h		2	27 June 2023
	Javascript - Obfuscation 3	19% 61339	30		Hel0ck		10	4 February 2011
	Javascript - Obfuscation 6	1% 94	60		n3rada		0	27 April 2023
	XSS - Stored - filter bypass	1% 1424	80		Arod , sambecks		8	2 January 2016
	Self XSS - Race Condition	1% 72	60		Mizu		1	28 July 2023
	XSS - DOM Based	1% 833	85		vic		6	24 December 2016
	CSP Bypass - Dangling markup 2	1% 1297	50		CanardMandarin		1	27 October 2020
	Web Socket - 0 protection	1% 838	35		Worty		1	22 October 2021
	CSS - Exfiltration	1% 561	50		Forgi , gwel		1	8 April 2022
	Browser - bfcache / disk cache	1% 45	65		Mizu		0	28 July 2023
	XSS - Reflected	2% 5925	45		pickle		6	16 March 2018
	Javascript - Native code	25% 82971	15		g0uZ		8	13 March 2011
	CSRF - token bypass	3% 7034	45		sambecks		8	18 February 2016
	HTTP Response Splitting	1% 2338	70		Arod		3	7 November 2013
	XSS - Stored 1	12% 38385	30		g0uZ		10	3 March 2012
	CSRF - 0 protection	6% 19798	35		sambecks		8	16 February 2016
	CSP Bypass - Inline code	2% 5118	35		CanardMandarin		8	27 October 2020
	CSP Bypass - Nonce 2	1% 360	35		Ruulian		1	27 June 2023
	XS Leaks	1% 179	75		Mizu		1	8 April 2022
	Same Origin Method Execution	1% 30	90		Mizu		0	28 July 2023
	XSS DOM Based - AngularJS	1% 2268	40		Ruulian		3	12 August 2021
	CSP Bypass - Nonce	1% 822	50		Ruulian		4	8 April 2022
	XSS DOM Based - Introduction	2% 5325	35		Ruulian		4	12 August 2021
	CSP Bypass - Dangling markup	1% 1593	45		CanardMandarin		1	27 October 2020
	Self XSS - DOM Secrets	1% 202	55		Mizu		3	28 July 2023
	XSS DOM Based - Eval	1% 2502	40		Ruulian		5	12 August 2021
	XSS - Stored 2	3% 8857	50		g0uZ		7	4 March 2012
	Javascript - Source	44% 147751	5		g0uZ		5	7 October 2006
	Javascript - Obfuscation 2	34% 111547	10		Hel0ck		8	3 February 2011
	XSS DOM Based - Filters Bypass	1% 1304	50		Ruulian		6	12 August 2021
	Javascript - Authentication 2	41% 136108	10		na5sim		4	3 February 2011
	CSP Bypass - JSONP	1% 1282	45		CanardMandarin		5	27 October 2020
	Javascript - Authentication	47% 156082	5		g0uZ		9	8 October 2006
	Javascript - Obfuscation 1	39% 129134	10		Hel0ck		10	7 October 2006
	HTML - disabled buttons	44% 146883	5		Final		10	16 July 2017
	DOM Clobbering	1% 330	60		Mizu		1	8 April 2022
	Relative Path Overwrite	1% 117	50		Mizu		0	28 July 2023

Challenge Results

Pseudo	Challenge	Lang	Date
deniz95	Javascript - Obfuscation 2		16 September 2024 at 21:40
FRactalis	XSS - Stockée 1		16 September 2024 at 21:40
Rovu	XSS DOM Based - Eval		16 September 2024 at 21:38
Den_D	XSS DOM Based - Filters Bypass		16 September 2024 at 21:33
deniz95	Javascript - Obfuscation 1		16 September 2024 at 21:31
deniz95	Javascript - Authentification 2		16 September 2024 at 21:25
deniz95	Javascript - Source		16 September 2024 at 21:24
deniz95	Javascript - Authentification		16 September 2024 at 21:23
vadim	XSS DOM Based - Introduction		16 September 2024 at 21:19
deniz95	HTML - boutons désactivés		16 September 2024 at 21:19