Moocable is learner-supported. When you buy through links on our site, we may earn an affiliate commission.
Information Security

BugBountyHunter

BugBountyHunter via Independent

Description

A variety of free challenges recreated based on real bug bounty findings. Practise your knowledge learnt from our website and see if you can complete each challenge. After you think you've found the answer you can then reveal the solution to check if you are right!

Tags
Red Team

Syllabus

Newcomer Challenges

  1. Cross Origin Resource Sharing - Checking if a whitelisted string is found is a bad approach
  2. Misc / Application Logic - Can you obtain the sensitive information somehow?
  3. Cross Site Scripting (XSS) - Can you find any XSS on this "harmless" page?
  4. Open URL Redirect - You may only redirect to *.bugbountyhunter.com
  5. Open URL Redirect - Only relative redirects are allowed!
  6. Cross Site Scripting (XSS) - Change the class of our image and pick your favourite!
  7. Cross Site Scripting (XSS) - Can you find any XSS? No HTML tags allowed!

Level Up Your Hacking

  1. Misc / Application Logic - Can you access our private tool, XSS Destroyer?
  2. Test your recon - There's a leak somewhere!
  3. Open URL Redirect - Can you steal the SSO token?
  4. Cross Site Scripting (XSS) - "I've won a bounty" generator
  5. Insecure Direct Object Reference - Check out these HackerPhotos! Nothings wrong here.
  6. Misc / Application Logic - What's behind this admin panel?
  7. Cross Site Scripting (XSS) - This strict URL filter should prevent XSS, right?
  8. Cross Site Request Forgery (CSRF) - There's cross site request forgery (CSRF) protection, but how good is it?

 ZSeano's Playground

Start Learning Find study partner
Online Course
Information Security

BugBountyHunter

BugBountyHunter
Start Learning Find study partner
Affiliate notice

A variety of free challenges recreated based on real bug bounty findings. Practise your knowledge learnt from our website and see if you can complete each challenge. After you think you've found the answer you can then reveal the solution to check if you are right!

Newcomer Challenges

  1. Cross Origin Resource Sharing - Checking if a whitelisted string is found is a bad approach
  2. Misc / Application Logic - Can you obtain the sensitive information somehow?
  3. Cross Site Scripting (XSS) - Can you find any XSS on this "harmless" page?
  4. Open URL Redirect - You may only redirect to *.bugbountyhunter.com
  5. Open URL Redirect - Only relative redirects are allowed!
  6. Cross Site Scripting (XSS) - Change the class of our image and pick your favourite!
  7. Cross Site Scripting (XSS) - Can you find any XSS? No HTML tags allowed!

Level Up Your Hacking

  1. Misc / Application Logic - Can you access our private tool, XSS Destroyer?
  2. Test your recon - There's a leak somewhere!
  3. Open URL Redirect - Can you steal the SSO token?
  4. Cross Site Scripting (XSS) - "I've won a bounty" generator
  5. Insecure Direct Object Reference - Check out these HackerPhotos! Nothings wrong here.
  6. Misc / Application Logic - What's behind this admin panel?
  7. Cross Site Scripting (XSS) - This strict URL filter should prevent XSS, right?
  8. Cross Site Request Forgery (CSRF) - There's cross site request forgery (CSRF) protection, but how good is it?

 ZSeano's Playground

Tags

Red Team

Quick Links

Browse by subject

Browse by provider

Browse by university

Browse by publisher

Browse by institution

Roadmaps

Posts