Hack The Box Challenges (Web)

Cross-Site Scripting. Cookie hijacking

Open Redirect. JWKS and JWT forgery. OTP bypass

Server-Side Request Forgery. localhost bypass. HTTP Request URI

CRLF Injection. RegEx bypass. Server-Side Template Injection

Command injection

SQL injection. Password hash cracking

API. Developer tools

PHP. Time-based SQL injection. WAF bypass

Go. Server-Side Template Injection. Local File Read

Cross-Site Request Forgery. Remote Code Execution

Insecure deserialization with pickle

PHP. Code injection. Remote Code Execution

Server-Side Request Forgery. IP address bypass

MongoDB. NoSQL injection

Cross-Site Scripting

Boolean-based SQL injection. Transfer-Encoding chunked

Server-Side Request Forgery. TOCTOU

HTTP Parameter Pollution

HA-Proxy. HTTP request smuggling via WebSocket. Server-Side Request Forgery. MongoDB Wire Protocol. Gopher Protocol. Cypher injection (neo4j). Command injection. RCE

Go. gRPC. Client-side verification. Directory traversal. Arbitrary File Write. Server-Side Rendering

Boolean-based SQLi in ORDER. Automate flag extraction

XPATH injection. Automate flag extraction

MongoDB. NoSQL injection. Automate flag extraction

Java. CVE. SnakeYAML insecure deserialization

CouchDB. NoSQL injection. Authentication bypass

PHP deserialization. Local File Inclusion. Log Poisoning

Parameter injection. Local File Read

Flask. Server-Side Template Injection. RCE

HTML code inspection

Cross-Site Search. Bypass Same-Origin Policy for exfiltration

Server-Side Request Forgery. Regular Expression Denial of Service

Insecure Deserialization in pickle. SSRF in Redis

Malicious file upload. SSTI to XSS. CSP bypass

JWT. Server-Side Template Injection

SQL injection. Directory Traversal. Local File Read

GraphQL. IDOR

Cross-Site Scripting. Insecure Direct Object Reference

JavaScript. Prototype Pollution

Insecure deserialization with pickle

Broken Access Control

GraphQL batching attack. OTP and rate limit bypass. JWT. CSP. DOM Clobbering. XSS

Directory Traversal. Local File Read. JWT. Broken Access Control. SSRF. Command Injection. RCE

XML External Entity injection

XSS. CSP bypass

PHP. Type Juggling

Stack-based SQL injection

Server-Side Template Injection

nginx. Directory listing

PHP. Laravel exploit

PHP. Laravel Debugger

PHP. Remote Code Execution. PHPMailer (CVE)

Code injection. Read remote file

Authentication bypass. JavaScript code injection

SQLi in SQLite to RCE in PHP

SSRF. Path Traversal. Gopher protocol. Redis RCE

SVG file read through image. Forge session cookie

Python. Third-party dependencies. Code Injection. RCE

Node.js. Third-party dependencies. Code Injection. RCE

SSTI with limited characters

SSRF using iframe

SQL injection. Authentication bypass

Session cookies. Authentication bypass

Cross-Site Scripting

Command injection. Remote Code Execution

Prototype Pollution. AST Injection

TAR Directory Path Traversal. Server-Side Template Injection