BugBountyHunter

A variety of free challenges recreated based on real bug bounty findings. Practise your knowledge learnt from our website and see if you can complete each challenge. After you think you've found the answer you can then reveal the solution to check if you are right!

Newcomer Challenges

1. Cross Origin Resource Sharing - Checking if a whitelisted string is found is a bad approach
2. Misc / Application Logic - Can you obtain the sensitive information somehow?
3. Cross Site Scripting (XSS) - Can you find any XSS on this "harmless" page?
4. Open URL Redirect - You may only redirect to *.bugbountyhunter.com
5. Open URL Redirect - Only relative redirects are allowed!
6. Cross Site Scripting (XSS) - Change the class of our image and pick your favourite!
7. Cross Site Scripting (XSS) - Can you find any XSS? No HTML tags allowed!

Level Up Your Hacking

1. Misc / Application Logic - Can you access our private tool, XSS Destroyer?
2. Test your recon - There's a leak somewhere!
3. Open URL Redirect - Can you steal the SSO token?
4. Cross Site Scripting (XSS) - "I've won a bounty" generator
5. Insecure Direct Object Reference - Check out these HackerPhotos! Nothings wrong here.
6. Misc / Application Logic - What's behind this admin panel?
7. Cross Site Scripting (XSS) - This strict URL filter should prevent XSS, right?
8. Cross Site Request Forgery (CSRF) - There's cross site request forgery (CSRF) protection, but how good is it?

 ZSeano's Playground