Overview File upload functionality is a standard feature in modern web applications. However, improper validation can turn it into a critical attack vector. In this lab, the application attempted...

Overview File upload functionality is widely used in modern web applications for handling images, documents, and user-generated content. However, when implemented insecurely, it becomes one of th...

Overview Predictable token generation is a critical security flaw in modern web applications. When identifiers such as gift card codes are generated using deterministic patterns instead of secure...

Overview This lab demonstrates how a seemingly harmless profile API endpoint can be exploited using UNION-based SQL Injection to extract sensitive user data. By chaining multiple SQLi techniques,...

Overview This lab demonstrates a Boolean-Based Blind SQL Injection vulnerability in a stock-checking feature. Unlike classic SQL injection, the application does not return query results directly. ...

Overview This lab demonstrates a UNION-based SQL Injection vulnerability in a search feature. The application directly embeds user input into SQL queries and reflects the results in the response. ...

Overview This lab demonstrates a Path Traversal vulnerability in the image-fetching functionality of the Ottergram application. By manipulating a file parameter, it was possible to access arbitrar...

Overview This lab demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in a public library web application called Overdue. The issue allows an attacker to access other users’ che...

Overview The Corridor challenge from Webverse simulates a literary magazine website called Ridgeline Press. At first glance, the application appears to serve static story content. However, deeper ...

Overview Sokudo is a typing speed tracking web application. During testing, a critical flaw was identified in its authentication mechanism, where authorization tokens were generated using predicta...