Modules
8 modules found
IDOR - User Profile Access
EasyAccess other users' data by manipulating object identifiers in requests. A great first vulnerability to understand broken access control.
SQL Injection - Login Bypass
EasyBypass authentication using classic SQL injection techniques. Learn how unsanitized inputs can break an entire login system.
Directory Traversal - Basic
EasyAccess restricted files on the server using path traversal payloads. Understand how file system boundaries can be broken.
XSS - Reflected Payload
EasyCraft and execute reflected cross-site scripting attacks. Learn how malicious scripts get injected into a victim's browser.
SQL Injection - UNION Based
MediumExtract database contents using UNION-based SQL injection. Go beyond login bypass and pull real data from the backend.
XSS - Stored Injection
MediumInject persistent malicious scripts into application storage. Unlike reflected XSS, stored payloads hit every user who loads the page.
CSRF - Password Change
MediumForce authenticated users to perform actions without their knowledge. Learn how to exploit missing CSRF protections.
Command Injection - Basics
MediumExecute arbitrary system commands through unsanitized user input. One of the most dangerous vulnerability classes in web apps.