User

Problems

65 challenges · Node.js + Python · OWASP Top 10

#TitleCategoryDifficultyXP

0101Order Ownership CheckA01Easy+50 0102Profile Update AuthorizationA01Easy+50 0103Invoice DownloadA01Medium+100 0104Admin Resource LeakA01Medium+100 0105Nested Resource AccessA01Medium+100 0106Bulk Operation IDORA01Hard+200 0107Predictable Internal IDA01Hard+200 0108Multi-Tenant Data LeakA01Hard+200 0201User Role EscalationA08Easy+50 0202Account Verified BypassA08Easy+50 0203Price ManipulationA08Medium+100 0204Credit Balance InflationA08Medium+100 0205Admin Flag InjectionA08Medium+100 0206Subscription Tier BypassA08Hard+200 0207Audit Field TamperingA08Hard+200 0208OAuth Scope WideningA01Medium+100 0301Login Query BuilderA03Easy+50 0302Search Query BuilderA03Easy+50 0303Order Filter BuilderA03Easy+50 0304Sort Column InjectionA03Medium+100 0305Second-Order InjectionA03Hard+200 0306Batch Insert BuilderA03Medium+100 0312Cloud Metadata SSRFA10Hard+500 0401File Download ValidatorA05Easy+50 0402Template LoaderA05Easy+50 0403Log File ReaderA05Medium+100 0404Config File AccessA05Medium+100 0405Archive Extraction (Zip Slip)A05Hard+200 0406Symlink EscapeA05Hard+200 0501Deep Merge PollutionA08Easy+50 0502Config Defaults PollutionA08Easy+50 0503Query String ParserA08Medium+100 0504Template Context MergeA08Medium+100 0505Permission Check BypassA08Hard+200 0506Gadget Chain via ConfigA08Hard+200 0601Unsafe Pickle DetectionA08Easy+50 0602YAML Unsafe LoaderA08Easy+50 0603JSON Type ConfusionA08Medium+100 0604Object Property InjectionA08Medium+100 0605Signed Cookie TamperA02Medium+100 0606Class Allowlist BypassA08Hard+200 0701Weak Hash AlgorithmA07Easy+50 0702Unsalted HashA07Easy+50 0703Timing Attack on Password VerificationA07Medium+100 0704Insufficient Bcrypt RoundsA07Medium+100 0705Password Exposed in Log EntryA07Hard+200 0706Hash Length ExtensionA02Medium+150 0801Token Expiry CheckA07Easy+50 0802Audience ValidationA07Easy+50 0803Algorithm None AttackA07Medium+100 0804Role Claim TrustA07Medium+100 0805Weak Secret RejectionA07Hard+200 0806Issuer ValidationA07Hard+200 0901HTML Tag InjectionA03Easy+50 0902HTML Attribute InjectionA03Medium+100 0903JavaScript Context InjectionA03Medium+100 0904URL Protocol InjectionA03Medium+100 0905JSONP Callback ValidationA03Easy+50 0906Profile Field SanitisationA03Easy+50 1001Negative Quantity ExploitA04Easy+50 1002Discount Percentage ValidationA04Easy+50 1003Discount Code StackingA04Medium+100 1004Refund Exceeds TotalA04Easy+50 1005Cumulative Balance CheckA04Easy+50 1006Coupon Replay PreventionA04Medium+100