HackLab — Play

HACKLAB

☕ Buy me a coffee

Mission Briefing

SUBMIT SECRET:

SQL Query Monitor

query.sqlHackLab Monitor

-- Waiting for input...

Query Result

No queries executed yet.

Terminal

hacklab@megacorp:~$

http://portal.megacorp.internal

Enter a URL path above and press Go.

http://portal.megacorp.internal

HEADERS

No headers — click + Add to inject one (e.g. Host: evil.com)

BODY PARAMS

No body params — click + Add (used for POST requests)

▶ curl equivalent curl "http://portal.megacorp.internal/"

RESPONSE

◆ PIXELMART SECURITY REVIEW

5 Advanced Missions Await

MegaCorp just acquired PixelMart. Security review starts today. The dev team was rushed and the platform is riddled with flaws. Find every vulnerability before it goes live.

06Price Manipulation

07Directory Traversal

08Server-Side Request Forgery

09Mass Assignment

10Password Reset Poisoning

$0.99 one-time unlock · instant access

◆ OPERATION BLACKSITE UNLOCKED

Access Granted.

Five new vulnerabilities. One acquisition. Zero time to waste.

06Price Manipulation

07Directory Traversal

08Server-Side Request Forgery

09Mass Assignment

10Password Reset Poisoning

STAGE COMPLETE

☕ Buy me a coffee

HACKLAB COMPLETE

Mission Accomplished

You've identified all 5 vulnerabilities in the MegaCorp portal.

Information Leakage

OWASP A05 — Security Misconfiguration

Broken Access Control (IDOR)

OWASP A01 — Broken Access Control

Cross-Site Scripting (XSS)

OWASP A03 — Injection

SQL Injection

OWASP A03 — Injection

Command Injection

OWASP A03 — Injection

These are real vulnerabilities found in production systems every day. Now you know how to spot them — and how to defend against them.

☕ Buy me a coffee