Test your hacking skills on real-world simulated bugs
Hacktivity is a treasure trove of vulnerability data and tactics. You’ve got newly published reports from across the web, staple programs that believe in the power of defaulting to disclosure and transparency.
So we took five disclosed reports and partnered with HackEDU team to create sandbox environments available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered.
So here, in all their glory, are the hacktivity reports and their respective sandbox environments that you can hack hack hack til you drop drop drop.
Test your hacking skills in these 5 sand hackboxes
Highly wormable clickjacking in player card (Report #85624)
Reported to Twitter by @filedescriptor
Description: In this clickjacking example, it’s possible to set up an attack that can spread from user to user.
Get hacking now in report 85624’s sandbox environment
XXE in Site Audit function exposing file and directory contents (Report #312543)
Reported to SEMRush by @achapman
Description: This is an XML External Entity vulnerability where hackers can read arbitrary files from the server.
Get hacking now in report 312543’s sandbox environment
RCE by command line argument injection (Report #212696)
Reported to Imgur by @neex
Description: Get control of the server via a unique command injection.
Get hacking now in report 212696’s sandbox environment
SQL injection (Report #273946)
Reported to Grabtaxi by @jouku
Description: Track down and exploit a SQL injection vulnerability using sqlmap.
Get hacking now in report 273946’s sandbox environment
Stealing contact form data on hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP (Report #207042)
Reported to HackerOne by @fransrosen
Description: Work your way to a successful exploitation from this interesting XSS vulnerability.
Get hacking now in report 207042’s sandbox environment
Learn how to hack and level up your skills
It’s never been easier or funner to learn how to hack than it is today with HackerOne’s Hacker101 content and CTF. And it just got even better with these amazing sandbox training resources.
Let us know what you think and how you fair in the latest hacking challenge. Tweet about the hunt, and as always, happy hacking!
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.
The 8th Annual Hacker-Powered Security Report