HTTP Inputs

Send a single HTTP OPTIONS request with the exact query param, header, cookie, and body the server expects simultaneously.

February 28, 2026 · 2 min · giordii

Math Solver

Automate solving 100 consecutive linear equations within a single HTTP session to unlock the flag.

February 28, 2026 · 3 min · giordii

SQLi Cards — Union Injection into SQLite

Union-based SQL injection in a card lookup form to enumerate tables via sqlite_master and extract the flag.

February 28, 2026 · 2 min · giordii

XSS Escape — Breaking Out of a Script String Context

Escape a JavaScript string context inside a script tag by injecting a closing script tag that the sanitizer fails to block.

February 28, 2026 · 2 min · giordii

Segnalazione Cinghiali — Union-Based SQLi in Node/Express

Union-based SQL injection in the report ID parameter of a Node.js/TypeScript Express app to leak the flag from a hidden table.

March 1, 2025 · 2 min · giordii

Bank Logic Bypass — Scientific Notation Bypasses Integer Validation

Submit a withdrawal amount in scientific notation to exploit loose type parsing and credit 1 billion to your balance.

January 1, 2025 · 3 min · giordii

Blind SQLi Login — Boolean-Based Character Extraction

Boolean blind SQL injection on a login form to extract a password character by character using HEX comparison.

January 1, 2025 · 3 min · giordii

Extract HTML Comments

Use BeautifulSoup to extract HTML comment nodes from a page and reveal the hidden flag.

January 1, 2025 · 2 min · giordii

A Too Small Reminder — Session ID Enumeration

Register, log in, notice the session_id cookie is a small integer. Brute-force integers upward from 30 until the admin session is hit and the flag appears.

January 1, 2024 · 2 min · giordii

Basic SQLi — Classic OR 1=1 Login Bypass

Inject `' OR '1'='1` into both username and password fields to make the SQL query always true and grab the flag from the response.

January 1, 2024 · 1 min · giordii