Posts

Showing posts from June, 2018

[Hone Your Ninja Skill] Data is Golden: Your Profile Data version 2

Limited knowledge of the latest browser protections on cross-domain access leads developers to assume we're now completely safe and immune from hijacking attacks.

http://honeyourskills.ninja/target/web/golden_data/?url=your-profilev2.php

[Hone Your Ninja Skill] Data is Golden: Your Profile Data

We pentesters focus way too much on the technical aspects of vulnerabilities. Advanced attackers are goal-driven and objective-based. They set a goal and identify which attack vectors can give them access to the golden data that they're targeting. In this challenge series, you will do whatever you can to steal data in an unauthorised or unintended way.

http://honeyourskills.ninja/target/web/golden_data/

[Hone Your Ninja Skill] Blacklist filter bypass: No HTML tags allowed

Mission: Achieve arbitrary script execution when submitting the form.
http://honeyourskills.ninja/target/xss/challenges/no-html-tags-allowed.php