Web - Server Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse them!

These challenges are designed to train users on HTML, HTTP and other server side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as : Basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc. ...

Prerequisites:
 Understand HTML.
 Understand the HTTP protocol.
 Ability to manipulate a web browser.

challenges 96 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide API - Broken Access 2% 4177 15 Nishacid , Mika 2 18 January 2024
pas_valide API - Broken Access 2 1% 429 40 Nishacid , Mika 1 18 January 2024
pas_valide API - Mass Assignment 1% 2671 20 Nishacid , Mika 2 18 January 2024
pas_valide Backup file 16% 53856 15 g0uZ 10 27 February 2011
pas_valide CRLF 10% 31606 20 g0uZ 7 31 July 2011
pas_valide Command injection - Filter bypass 3% 7611 30 sambecks 6 20 September 2017
pas_valide Directory traversal 10% 35041 25 g0uZ 3 31 July 2011
pas_valide Elixir - EEx 1% 267 35 lolo42 1 29 November 2023
pas_valide File upload - Double extensions 10% 34706 20 g0uZ 10 24 December 2012
pas_valide File upload - MIME type 8% 27822 20 g0uZ 10 26 December 2012
pas_valide File upload - Null byte 7% 23754 25 g0uZ 4 26 December 2012
pas_valide File upload - Polyglot 1% 453 45 Cyxo 1 8 July 2022
pas_valide File upload - ZIP 3% 9542 30 ghozt 3 3 August 2017
pas_valide Flask - Development server 1% 918 30 Sanlokii 1 29 November 2023
pas_valide Flask - Unsecure session 1% 2495 20 Sanlokii 1 29 November 2023
pas_valide GraphQL - Backend injection 1% 431 40 apges01 1 19 January 2023
pas_valide GraphQL - Injection 1% 757 30 apges01 2 19 January 2023
pas_valide GraphQL - Introspection 2% 3637 20 apges01 4 19 January 2023
pas_valide GraphQL - Mutation 1% 1572 40 CanardMandarin 2 20 October 2020
pas_valide HTML - Source code 49% 168372 5 g0uZ 5 3 October 2006
pas_valide HTTP - Cookies 13% 45318 20 g0uZ 8 7 October 2006
pas_valide HTTP - Directory indexing 22% 76795 15 g0uZ 7 7 October 2006
pas_valide HTTP - Headers 16% 54176 15 Arod 9 11 January 2015
pas_valide HTTP - IP restriction bypass 9% 28526 10 </