Challenges
arrow_drop_down
add
Create a new challenge
calendar_month
Challenge of the month
star
Official challenges
chevron_right
Mongo injection
chevron_right
Injection in insert
First Exfiltration
Simple injection
Xpath injection
chevron_right
Merging nodes
Simple Login Bypass
Schema recovery
Attributes
Going up
SSTI Freemarker
chevron_right
Read a file
Playing with built-in variables
Command execution with constraints
Find the secret variable
Command execution
XSS
chevron_right
Eventless
InnerHTML
HTML parser
Prototype Pollution
JS urls
Simple XSS
SQLI
chevron_right
No LIMIT
Filter bypass
Exploration
Injection in INSERT
First exfiltration
Simple Login Bypass
help
Tutorial
school
Learn
arrow_drop_down
auto_stories
All modules
bug_report
Vulnerabilities
local_fire_department
Web application firewall (WAF) bypass
flag
How to start ?
arrow_drop_down
help
FAQ
timeline
Bug Hunter roadmap
local_activity
How to obtain private invitation
person
Login
arrow_drop_down
Training Modules - Web application firewall (WAF) bypass
CWE-693
LAB01
WAF Bypass - Filter collision
school
arrow_forward
CWE-693
LAB02
WAF Bypass - Transformation
school
arrow_forward
CWE-693
LAB03
WAF Bypass - Exclude spaces
school
arrow_forward
CWE-693
LAB04
WAF Bypass - Encoding
school
arrow_forward