Root Me
Home
Challenges
Web - Server
Nginx - SSRF Misconfiguration
30 Points
Bad Gateway
Author
.Yo0x
,
27 September 2024
Level
Validations
0 Challengers
0%
Note
1
2
3
4
5
0 Vote
To reach this part of the site please login
Solution
Submit a solution
92
Challenges
Results
Name
Validations
Number of points
Difficulty
Author
Note
Solution
Date
HTML - Source code
49%
163135
5
g0uZ
5
3 October 2006
HTTP - IP restriction bypass
8%
26201
10
Cyrhades
7
23 March 2021
HTTP - Open redirect
19%
64031
10
Swissky
10
2 August 2017
HTTP - User-agent
24%
80492
10
g0uZ
10
3 October 2006
Weak password
32%
105964
10
g0uZ
7
3 October 2006
PHP - Command injection
19%
63542
10
sambecks
10
20 September 2017
API - Broken Access
1%
2975
15
Nishacid
,
Mika
2
18 January 2024
Backup file
16%
52670
15
g0uZ
10
27 February 2011
HTTP - Directory indexing
23%
74749
15
g0uZ
7
7 October 2006
HTTP - Headers
16%
52705
15
Arod
9
11 January 2015
HTTP - POST
14%
47399
15
Th1b4ud
10
14 August 2018
HTTP - Improper redirect
13%
41057
15
Arod
10
26 November 2014
HTTP - Verb tampering
14%
44766
15
g0uZ
10
3 February 2011
Install files
13%
42275
15
g0uZ
6
7 October 2006
API - Mass Assignment
1%
2033
20
Nishacid
,
Mika
2
18 January 2024
CRLF
10%
30802
20
g0uZ
7
31 July 2011
File upload - Double extensions
10%
33830
20
g0uZ
10
24 December 2012
File upload - MIME type
8%
27060
20
g0uZ
10
26 December 2012
Flask - Unsecure session
1%
1995
20
Sanlokii
1
29 November 2023
GraphQL - Introspection
1%
3276
20
apges01
4
19 January 2023
HTTP - Cookies
14%
44115
20
g0uZ
8
7 October 2006
Insecure Code Management
4%
13108
20
Swissky
6
29 September 2019
JWT - Introduction
5%
16315
20
Kn0wledge
5
21 August 2019
XSS - Server Side
1%
2210
20
Elf
4
23 June 2023
Directory traversal
11%
34130
25
g0uZ
3
31 July 2011
File upload - Null byte
7%
23101
25
g0uZ
4
26 December 2012
JWT - Revoked token
2%
5651
25
ArnC
6
20 March 2020
JWT - Weak secret
4%
11287
25
Jrmbt
6
21 August 2019
JWT - Unsecure File Signature
1%
1871
25
Nishacid
,
Mika
3
23 February 2023
PHP - assert()
5%
14969
25
Birdy42
10
26 November 2016
PHP - Apache configuration
1%
2163
25
erk3
,
nemoz
3
8 July 2022
PHP - Filters
6%
19108
25
g0uZ
3
27 February 2011
PHP - register globals
5%
15397
25
g0uZ
2
8 October 2011
PHP - Remote Xdebug
1%
1440
25
mayfly
4
18 March 2020
Python - Server-side Template Injection Introduction
2%
4123
25
Podalirius
7
7 September 2021
File upload - ZIP
3%
9237
30
ghozt
3
3 August 2017
Flask - Development server
1%
721
30
Sanlokii
1
29 November 2023
GraphQL - Injection
1%
654
30
apges01
2
19 January 2023
Command injection - Filter bypass
3%
7392
30
sambecks
6
20 September 2017
Java - Server-side Template Injection
4%
10328
30
righettod
6
29 November 2015
JWT - Public key
2%
3656
30
Jrmbt
5
21 August 2019
JWT - Header Injection
1%
1044
30
Nishacid
,
Mika
2
23 February 2023
Local File Inclusion
8%
24831
30
g0uZ
4
2 October 2011
Local File Inclusion - Double encoding
4%
12459
30
zM_
4
13 June 2016
Node - Eval
1%
2758
30
Mhd_Root
7
24 February 2021
PHP - Loose Comparison
3%
7073
30
ghozt
4
10 January 2018
PHP - preg_replace()
3%
8843
30
sambecks
4
2 March 2016
PHP - type juggling
3%
8667
30
vic
4
10 March 2016
Remote File Inclusion
4%
11501
30
g0uZ
8
25 November 2015
SQL injection - Authentication
14%
44229
30
g0uZ
11
27 February 2011
SQL injection - Authentication - GBK
3%
9294
30
dvor4x
4
2 December 2015
SQL injection - String
7%
20987
30
g0uZ
10
24 December 2012
XSLT - Code execution
2%
3613
30
ghozt
5
16 July 2017
Elixir - EEx
1%
214
35
lolo42
1
29 November 2023
JWT - Unsecure Key Handling
1%
700
35
Nishacid
,
Mika
5
23 February 2023
LDAP injection - Authentication
3%
10043
35
g0uZ
8
26 May 2013
Node - Serialize
1%
1203
35
Mhd_Root
2
24 February 2021
NoSQL injection - Authentication
3%
7515
35
mastho
8
31 May 2015
PHP - Path Truncation
2%
5320
35
Geluchat
6
25 March 2015
PHP - Serialization
2%
6594
35
Arod
3
3 February 2014
SQL injection - Numeric
5%
14471
35
g0uZ
7
24 December 2012
SQL Injection - Routed
2%
5128
35
soka
5
24 December 2016
SQL Truncation
2%
6454
35
Geluchat
2
1 May 2015
XML External Entity
2%
5387
35
sambecks
2
20 October 2014
XPath injection - Authentication
2%
6426
35
g0uZ
6
27 December 2012
Yaml - Deserialization
1%
1304
35
Nishacid
2
20 April 2021
API - Broken Access 2
1%
264
40
Nishacid
,
Mika
1
18 January 2024
GraphQL - Backend injection
1%
377
40
apges01
1
19 January 2023
GraphQL - Mutation
1%
1502
40
CanardMandarin
2
20 October 2020
Java - Spring Boot
1%
2289
40
dvor4x
3
24 December 2016
Local File Inclusion - Wrappers
2%
3529
40
sambecks
4
2 March 2016
PHP - Eval
2%
3494
40
chmod
10
8 November 2018
PHP - Eval - Advanced filters bypass
1%
550
40
Podalirius
2
8 July 2022
SQL injection - Error
3%
7410
40
sambecks
5
4 March 2015
SQL injection - Insert
1%
3092
40
sambecks
4
23 February 2015
SQL injection - File reading
2%
5883
40
Arod
3
19 October 2014
XPath injection - String
2%
3807
40
g0uZ
5
26 May 2013
File upload - Polyglot
1%
413
45
Cyxo
1
8 July 2022
NodeJS - Prototype Pollution Bypass
1%
487
45
Worty
1
22 October 2021
NoSQL injection - Blind
1%
2894
45
ghozt
6
26 November 2016
SQL injection - Time based
2%
5488
45
ycam
4
11 September 2015
Java - Custom gadget deserialization
1%
119
50
Elweth
0
28 December 2023
NodeJS - vm escape
1%
703
50
Podalirius
1
15 April 2021
Server Side Request Forgery
1%
1787
50
sambecks
7
22 June 2018
SQL injection - Blind
3%
7356
50
g0uZ
6
27 February 2011
LDAP injection - Blind
1%
3356
55
g0uZ
2
8 June 2013
PHP - Unserialize overflow
1%
747
55
mayfly
2
4 April 2020
PHP - Unserialize Pop Chain
1%
633
55
Worty
2
22 October 2021
SQL Injection Second Order
1%
168
55
k4ndar3c
1
29 November 2023
Python - Blind SSTI Filters Bypass
1%
605
75
Podalirius
5
7 September 2021
XPath injection - Blind
1%
2261
75
g0uZ
5
27 December 2012
SQL injection - Filter bypass
1%
2626
80
sambecks
7
21 July 2014