This repository hosts the web challenges I made for Cyber Up.
Find the password in the source
Bypass the login form with a weak password
Perform a command injection attack to read a file from the filesystem
Gain administrative access because of broken authentication.
Bypass client side verification
Perform an IDOR attack to read information about the admin user
Read the source code from a leftover artifact
Enumerate a directory and find a hidden image
Spoof your user agent to bypass protections
Perform an XSS attack to steal the administrator's cookie
Perform a type juggling attack to bypass verification
Perform an SSRF attack to read a forbidden page
Perform a nosql injection to read info about forbidden user
Perform an XXE attack to read a forbidden page
Perform a SQL injection attack to bypass a login form