We've created a basic web application called "HackerPhotos" to hightlight some awesome hacker-tagged photography. It is just in BETA and we'd love for you to give it a try and make sure we've not m...

This lab has a horizontal privilege escalation vulnerability on a user account page. Let's try to exploit the vulnerabilities.

This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password.

You're going to be searching for the flags, using every skill and tool in your arsenal. Flags are placed in various locations -- they might be in a file, in the database, stuck into source code, or...

This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists.

In this lab, the source code is exposed through backup files located in a hidden directory. To complete the lab, you need to find and submit the database password, which is hard-coded within the le...

This lab controls access to certain admin functionality based on the Referer header. Let's solve the lab to exploit the flawed access controls and promote ourselves to become administrators.

This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response.

There are some really weird files on Hacksparo's desktop. Let's find out what is really hiding from us. This room is about learning about zip files and how to uncover secrets in a zip file.

This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's filesystem.