Challenges
arrow_drop_down
add
Create a new challenge
calendar_month
Challenge of the month
star
Official challenges
chevron_right
Mongo injection
chevron_right
Injection in insert
First Exfiltration
Simple injection
Xpath injection
chevron_right
Merging nodes
Simple Login Bypass
Schema recovery
Attributes
Going up
SSTI Freemarker
chevron_right
Read a file
Playing with built-in variables
Command execution with constraints
Find the secret variable
Command execution
XSS
chevron_right
Eventless
InnerHTML
HTML parser
Prototype Pollution
JS urls
Simple XSS
SQLI
chevron_right
No LIMIT
Filter bypass
Exploration
Injection in INSERT
First exfiltration
Simple Login Bypass
help
Tutorial
school
Learn
arrow_drop_down
auto_stories
All modules
bug_report
Vulnerabilities
local_fire_department
Web application firewall (WAF) bypass
flag
How to start ?
arrow_drop_down
help
FAQ
timeline
Bug Hunter roadmap
local_activity
How to obtain private invitation
person
Login
arrow_drop_down
Sqlite3
settings
Dojo #1
by
YesWeHack
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect
Can you recover the admin password ?
drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result