Web Security Training Platform

Master cybersecurity vulnerabilities through hands-on labs designed to challenge and enhance your penetration testing skills.

217+
Labs Available
22
Vulnerability Types
3
Difficulty Levels
100%
Hands-On

Vulnerability Categories

Cross-Site Scripting (XSS)

LAB 1
Easy
Reflected XSS - Basic Input
ACCESS THE LAB
LAB 2
Easy
Reflected XSS - Script Tag Filter Evasion
ACCESS THE LAB
LAB 3
Medium
Reflected XSS - Script & Img Tag Filter
ACCESS THE LAB
LAB 4
Medium
Reflected XSS - Case-Insensitive Filter Bypass
ACCESS THE LAB
LAB 5
Hard
Reflected XSS - Less-Than Sign Filter
ACCESS THE LAB
LAB 6
Hard
Reflected XSS in HTML Title Tag
ACCESS THE LAB
LAB 7
Easy
Reflected XSS in Page Heading
ACCESS THE LAB
LAB 8
Easy
Reflected XSS - Function Name Filter
ACCESS THE LAB
LAB 9
Medium
Reflected XSS - Extended Function Filter
ACCESS THE LAB
LAB 10
Medium
Reflected XSS - Event Handler Filter
ACCESS THE LAB
LAB 11
Hard
Reflected XSS - Multi-Parameter Filter Evasion
ACCESS THE LAB
LAB 12
Hard
Reflected XSS - Encoding Bypass Attempts
ACCESS THE LAB
LAB 13
Hard
Reflected XSS - Mixed Security Parameters
ACCESS THE LAB
LAB 14
Hard
Reflected XSS - String Concatenation Bypass
ACCESS THE LAB
LAB 15
Hard
Reflected XSS - URL Encoding Context
ACCESS THE LAB
LAB 16
Hard
Reflected XSS in Search Function
ACCESS THE LAB
LAB 17
Hard
Reflected XSS in Category Filter
ACCESS THE LAB
LAB 18
Hard
Stored XSS - User Comments System
ACCESS THE LAB
LAB 19
Hard
Stored XSS - User Profile Management
ACCESS THE LAB
LAB 20
Hard
Stored XSS - Blog Post System
ACCESS THE LAB
LAB 21
Hard
Stored XSS - Support Ticket System
ACCESS THE LAB
LAB 22
Hard
Stored XSS - Admin Panel Settings
ACCESS THE LAB
LAB 48
Hard
CSP Bypass - Unsafe Inline Scripts
ACCESS THE LAB
LAB 49
Hard
CSP Protected Page
ACCESS THE LAB
LAB 50
Hard
Self XSS via POST Parameter
ACCESS THE LAB
LAB 51
Hard
POST-Based Reflected XSS
ACCESS THE LAB
LAB 52
Hard
POST XSS in Input Tag Value
ACCESS THE LAB
LAB 53
Hard
POST XSS in Document Title
ACCESS THE LAB
LAB 54
Hard
DOM-based XSS with jQuery
ACCESS THE LAB
LAB 55
Hard Real World
Reflected XSS in JS Analytics Context (Equifax — HackerOne #1818163)
ACCESS THE LAB
LAB 56
Low Real World
Reflected XSS in HTML Attribute Context (PUBG — HackerOne #751870)
ACCESS THE LAB
LAB 57
Low Real World
XSS via javascript: URI in Redirect Parameter (Shopify — HackerOne #1940245)
ACCESS THE LAB
LAB 58
Medium Real World
Reflected XSS in URL Path Segment (Imgur Mobile — HackerOne #149855)
ACCESS THE LAB
LAB 59
Hard Real World
Reflected XSS via Unquoted Attribute Injection (Reddit — HackerOne #1549206)
ACCESS THE LAB

SQL Injection (SQLI)

LAB 1
Easy
SQL Injection - Login Bypass
ACCESS THE LAB
LAB 2
Easy
INSERT SQL Injection - Comment System
ACCESS THE LAB
LAB 3
Medium
CRUD SQL Injection - Book Management
ACCESS THE LAB
LAB 4
Medium
Time-based Blind SQL Injection
ACCESS THE LAB
LAB 5
Medium
Integer-based SQL Injection
ACCESS THE LAB
LAB 6
Hard
User-Agent Header Blind SQL Injection
ACCESS THE LAB
LAB 7
Hard
Referer Header Blind SQL Injection
ACCESS THE LAB
LAB 8
Hard
X-Forwarded-For Header Blind SQL Injection
ACCESS THE LAB

Authentication Bypass

LAB 1
Medium Real World
Admin Auth Bypass via Response Manipulation (UPS — HackerOne #1490470)
ACCESS THE LAB
LAB 2
Medium
OTP Verification Bypass via Response Manipulation
ACCESS THE LAB
LAB 3
Medium
Phone OTP Bypass via Response Manipulation
ACCESS THE LAB

Open Redirect

LAB 1
Easy
Basic URL Parameter Redirect
ACCESS THE LAB

Server-Side Request Forgery (SSRF)

LAB 1
Easy
Source Code Viewer - Basic cURL SSRF
ACCESS THE LAB
LAB 2
Easy
Screenshot Tool - URL to Image
ACCESS THE LAB
LAB 3
Medium
Port-based Timing Attack
ACCESS THE LAB
LAB 4
Medium
Domain Restriction Bypass with Redirects
ACCESS THE LAB
LAB 5
Medium
Website Checker with IP Blacklist
ACCESS THE LAB
LAB 6
Medium
AWS Metadata Filter Bypass
ACCESS THE LAB
LAB 7
Easy
PDF Generator - URL to PDF
ACCESS THE LAB

Insecure Direct Object Reference (IDOR)

LAB 1
Easy
User Account Information Disclosure
ACCESS THE LAB

Server-Side Template Injection (SSTI)

LAB 1
Easy
Template Engine Code Injection
ACCESS THE LAB

Local File Inclusion (LFI)

LAB 1
Easy
Path Traversal - Basic
ACCESS THE LAB
LAB 2
Medium
CMS Local File Inclusion
ACCESS THE LAB
LAB 3
Hard
File Upload with LFI Vulnerability
ACCESS THE LAB
LAB 4
Easy
Image Gallery File Inclusion
ACCESS THE LAB

Remote File Inclusion (RFI)

LAB 1
Easy
Remote File Inclusion via URL
ACCESS THE LAB

Remote Code Execution (RCE)

LAB 1
Easy
OS Command Injection
ACCESS THE LAB