The Intentionally Vulnerable Web Application Pentesting Lab.
Master 183 real-world security challenges across 18 categories, from XSS to SSRF to RCE.
SQL injection, command injection, template injection: master the fundamentals of server-side exploitation.
Stored, reflected, and DOM-based XSS plus CSTI. 10-level DOM playground included.
Broken authentication, IDOR, privilege escalation, mass assignment, and insecure sessions.
Server-side request forgery, information disclosure, security misconfiguration, and fingerprinting.
Unrestricted file upload, path traversal, XML external entity injection, and more.
Track progress with 183 unique flags, a 3-tier hint system, and a competitive leaderboard.