// learn

Modules

8 modules found

IDOR - User Profile Access

Easy

Access other users' data by manipulating object identifiers in requests. A great first vulnerability to understand broken access control.

SQL Injection - Login Bypass

Easy

Bypass authentication using classic SQL injection techniques. Learn how unsanitized inputs can break an entire login system.

Directory Traversal - Basic

Easy

Access restricted files on the server using path traversal payloads. Understand how file system boundaries can be broken.

XSS - Reflected Payload

Easy

Craft and execute reflected cross-site scripting attacks. Learn how malicious scripts get injected into a victim's browser.

SQL Injection - UNION Based

Medium

Extract database contents using UNION-based SQL injection. Go beyond login bypass and pull real data from the backend.

XSS - Stored Injection

Medium

Inject persistent malicious scripts into application storage. Unlike reflected XSS, stored payloads hit every user who loads the page.

CSRF - Password Change

Medium

Force authenticated users to perform actions without their knowledge. Learn how to exploit missing CSRF protections.

Command Injection - Basics

Medium

Execute arbitrary system commands through unsanitized user input. One of the most dangerous vulnerability classes in web apps.