Labs
Browse public labs, filter by language and difficulty, and sort by recency.
Analytics Logs (Path Traversal)
A logs endpoint reads files by name from a logs directory without path sanitization, allowing traversal.
180 pts, 20 min
#go #http #path-traversal #files
Auth Service (PHP) - SQL Injection & Weak Hash
A PHP auth endpoint concatenates user input into SQL and uses md5 for passwords.
220 pts, 30 min
#php #pdo #sql #auth
Inventory Lookup (SQL Injection)
A Spring inventory service constructs a SQL query with string concatenation, allowing SQL injection.
300 pts, 35 min
#java #spring #jdbc #sql
Orders Receipt Renderer (SSRF)
A receipt rendering endpoint fetches a user-provided URL, enabling server-side request forgery.
240 pts, 25 min
#python #flask #ssrf #http
Payments User Search (NoSQL Injection)
A payments microservice exposes a user search endpoint that trusts a JSON filter from the query string, enabling NoSQL injection.
220 pts, 25 min
#node #express #nosql #injection