All Writeups
| Machine | Platform | Vulnerabilities | Writeup |
|---|---|---|---|
| hooklink-webrange | WebVerse | broken-auth, mass-assignment, Broken Access Control, api-abuse, bfla | read |
| QueryWho | WebVerse | IDOR | read |
| MooKoo | WebVerse | XSS, SSTI | read |
| Expensiel | WebVerse | NoSQL, mass-assignment | read |
| Tamper Temple (Official writeup) (hard) | WebVerse | Broken Access Control, JWT, Info Disclosure | read |
| Ottergram (Priv-Esc) | BugForge | Broken Access Control | read |
| Bill’s Steak House (RCE) | WebVerse | RCE | read |
| Bomb Threat (Official Walkthrough) | WebVerse | Broken Access Control | read |
| Crate & Sleeve (SXSS) | WebVerse | XSS | read |
| ReportVerse (Official Writeup) | WebVerse | SSRF | read |
| Angry Teacher (Official Walkthrough) | WebVerse | Broken Access Control | read |
| CafeClub (Broken Business Logic) | BugForge | Business Logic | read |
| Disgruntled Employee (Official Writeup) | WebVerse | Auth Bypass | read |
| Versed (SQLi) | WebVerse | SQLi | read |
| Brackish Brewing Co. (with VerbTamper v1.8.1) | WebVerse | Broken Access Control | read |
| FurHire (Broken Auth) (Weekly) | BugForge | Auth Bypass, JWT | read |
| Vibed (SQLi) | WebVerse | SQLi | read |
| MedNode (SQLi) | BugForge | SQLi | read |
| Snooker (Logic flaw) | WebVerse | Business Logic | read |
| Lazy Human Resources (Official writeup) (BAC) | WebVerse | Broken Access Control | read |
| Loop & Roam (git exposure) | WebVerse | Info Disclosure | read |
| The Caretaker (Official Writeup) | WebVerse | SQLi | read |
| Joystick (Websockets) | WebVerse | WebSocket | read |
| Galaxy Dash (IDOR) | BugForge | IDOR | read |
| Mapleton (LFI to RCE) | WebVerse | RCE, LFI, Path Traversal | read |
| Phone Vault (Official writeup) | WebVerse | XSS | read |
| Furhire (SSRF) (Weekly) | BugForge | SSRF | read |
| Ottergram (GraphQL) | BugForge | GraphQL | read |
| Sunnyside Daycare (SSTI) | WebVerse | SSTI, RCE | read |
| NewsForge (BFLA) | WebVerse | RCE, Broken Access Control | read |
| DiceForge (Bypass Paywall) | BugForge | Broken Access Control | read |
| Sprocket Line (RXSS) | WebVerse | XSS | read |
| OutBox (SSTI) | WebVerse | SSTI | read |
| CopyPasta (BAC) | BugForge | Broken Access Control | read |
| Cheesy Does It (JWT) | BugForge | JWT | read |
| DiceForge (RCE) | BugForge | XSS, RCE | read |
| Insecure direct object references — Portswigger Academy Lab | gensec | IDOR | read |
| Method-based access control can be circumvented - Portswigger Academy | gensec | Broken Access Control | read |
| Tanuki (BAC) | BugForge | Broken Access Control | read |
| Quarter Shift (GraphQL + SSRF) | WebVerse | GraphQL, SSRF | read |
| Breach (GraphQL) | WebVerse | GraphQL | read |
| Ottergram (BAC) (VerbTamper) | BugForge | Broken Access Control | read |
| Mirage (LFI) | WebVerse | LFI | read |
| Parcel (SQLi) Writeup | WebVerse | SQLi | read |
| Sokudo (GraphQL) | BugForge | GraphQL | read |
| Fixture (Medium) | WebVerse | SQLi, IDOR, SSRF | read |
| DocketHive | WebVerse | LFI, IDOR, Info Disclosure | read |
| Tricky Tunnels | WebVerse | JWT | read |
| Shady Oaks Financial (JWT) | BugForge | JWT | read |
| Gift Lab (BAC) | BugForge | Broken Access Control | read |
| Tanuki (JWT) | BugForge | JWT | read |
| CafeClub (Business Logic) | BugForge | Business Logic | read |
| Necromancers Notebook (JWT) | BugForge | JWT | read |
| CafeClub writeup (IDOR) | BugForge | IDOR | read |
| Ottergram (XSS) (Live Stream) | BugForge | XSS | read |
| Galaxy Dash (BAC) Walkthrough | BugForge | Broken Access Control | read |
| Ottergram (websockets) | BugForge | IDOR, WebSocket | read |
| MesaNet (OTP Bypass) (Hard) | BugForge | Weak Creds | read |
| Gift Lab (BAC) | BugForge | Weak Creds, Broken Access Control, JWT | read |
| Cheesy Does It (Business Logic Vuln) | BugForge | Business Logic | read |
| Cheesy Does It writeup (BLF) | BugForge | Business Logic | read |
| ExpressWay writeup (HackTheBox) | HackTheBox | Weak Creds | read |
| Copypasta (SQLi) | BugForge | SQLi | read |
| Tanuki (SSRF) | BugForge | SSRF | read |
| CafeClub writeup (LFI) | BugForge | LFI | read |
| Galaxy Dash writeup (SQLi) | BugForge | SQLi | read |
| Ottergram writeup (BAC) | BugForge | Broken Access Control | read |
| Shady Oaks Financial writeup (BFLA) | BugForge | Broken Access Control | read |
| Copypasta writeup (BAC) | BugForge | Broken Access Control | read |
| Sokudo writeup (API9:2023) | BugForge | JWT | read |
| Cheesy Does it writeup (Business Logic flaw) | BugForge | Business Logic | read |
| Furhire writeup (MFA Bypass) (Medium) | BugForge | SQLi, Weak Creds | read |
| How I Became a PAPA (Practical AI Pentest Associate) by TCM | gensec | Prompt Injection | read |
| Ottergram writeup (LFI) | BugForge | LFI, Path Traversal | read |
| Shady Oaks Financial writeup (Race Condition) | BugForge | Race Condition | read |
| Gift List writeup (IDOR) | BugForge | IDOR | read |
| CopyPasta writeup (BAC) | BugForge | Broken Access Control | read |
| Galaxy Dash (XSS) (Medium) | BugForge | XSS | read |
| Cheesy Does It (SQLi) writeup | BugForge | SQLi | read |
| CupidBot writeup (TryHackMe) | TryHackMe | Prompt Injection | read |
| Hidden Deep Into my Heart writeup (TryHackMe) | TryHackMe | Weak Creds | read |
| CafeClub writeup (Business Logic) | BugForge | Business Logic | read |
| Ottergram writeup (Broken Auth) | BugForge | Auth Bypass | read |
| MesaNet writeup (hard) (SQLi) | BugForge | SQLi | read |
| Shady Oaks Financial writeup (Broken auth) | BugForge | Auth Bypass, Broken Access Control | read |
| CopyPasta writeup | BugForge | Auth Bypass, Weak Creds | read |
| Tanuki writeup | BugForge | Broken Access Control | read |
| mustacchio writeup (TryHackMe) | TryHackMe | XXE, Broken Access Control | read |
| Cheesy Does it walkthrough | BugForge | Business Logic | read |
| Cafeclub writeup | BugForge | IDOR | read |
| Ottergram writeup | BugForge | Broken Access Control | read |
| Sokudo writeup | BugForge | Broken Access Control | read |
| CopyPasta writeup | BugForge | IDOR | read |
| Tanuki writeup | BugForge | SSRF | read |
| Cheesy Does It writeup | BugForge | Business Logic | read |
| CafeClub writeup | BugForge | Weak Creds, Business Logic | read |
| Galaxy Dash (Medium difficulty) writeup | BugForge | JWT | read |
| Ottergram writeup | BugForge | IDOR | read |
| Sokudo writeup | BugForge | Auth Bypass, Weak Creds | read |
| Copypasta writeup | BugForge | SQLi | read |
| Tanuki writeup | BugForge | IDOR | read |
| Cheesy Does It writeup | BugForge | Business Logic | read |
| CafeClub Writeup | BugForge | Business Logic | read |
| Tanuki pt 2 Writeup | BugForge | XXE | read |
| Furhire Writeup | BugForge | SQLi, Broken Access Control, JWT | read |
| Ottergram Writeup | BugForge | GraphQL | read |
| Shady Oaks Financial | BugForge | JWT | read |
| Sokudo writeup | BugForge | Auth Bypass, Weak Creds | read |
| Tanuki - Writeup | BugForge | Broken Access Control | read |
| The Great Disappearing Act - TryHackMe Writeup | TryHackMe | Broken Access Control | read |
| Surfer - Writeup (TryHackMe) | TryHackMe | SSRF | read |
| Evil-GPT - Writeup (TryHackMe) | TryHackMe | Broken Access Control | read |
| MD2PDF - Writeup (TryHackMe) | TryHackMe | SSRF | read |
| Legacy | HackTheBox | RCE | read |
| Servmon | HackTheBox | LFI, Path Traversal, Weak Creds | read |
| Blunder | HackTheBox | Weak Creds, File Upload, RCE | read |
| Tabby | HackTheBox | LFI, Weak Creds, Broken Access Control | read |
| Alfred | TryHackMe | Weak Creds | read |
| Ghostcat | TryHackMe | LFI | read |
| Jack | TryHackMe | Weak Creds, Broken Access Control | read |
| Lian-Yu | TryHackMe | Steganography, Broken Access Control | read |
| Year of The Rabbit | TryHackMe | Weak Creds, Auth Bypass | read |
| Dave's Blog | TryHackMe | NoSQL, Auth Bypass | read |
| Escalate my Privileges | Vulnhub | RCE, Broken Access Control | read |
| Geisha | Vulnhub | Weak Creds, Broken Access Control | read |
| Sumo | Vulnhub | RCE | read |
| Vegeta | Vulnhub | Steganography, Broken Access Control | read |