Home

HTML Injection

get all scores
Level 1 Level 2 Level 3 Level 3 copy
CRLF

Level 1
Content Type Control

Level 1
JavaScript

get all scores
Level 1 Level 2
UploadFiles

get all scores
Level 1 Level 2 Level 3 Ajax
Path Traversal

Level 1
Burp-Suite

get all scores
Level 1 Level 2 Level 3
XSS

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6 Level 7 Level 8 Level 9 Level 10 Level 11 Level 12 Level 13 Level 14 Level 15
Cookies

Level 1 Level 2 Level 3
Parameter Tampering

Level 1 Level 2 Level 3
BruteForce

Level 1
ClickJacking

Level 1
IDOR

Level 1 Level 2 Level 3
Open redirect

Level 1 Level 2
SSRF

Level 1 Level 2
LFI & RFI

Level 1 - LFI Level 2 - LFI Level 2 - LFI to RCE Level 3 - LFI Level 4 - LFI Level 5 - LFI
RCE

Level 1 Level 2
SQLi

Level 1 Level 2 Level 3 Level 4
Web

Level 1 Level 2 Level 3 Level 4 Level 5 Level 6 Level 7
LogOut

Code Review - Level 1

Source Code:

<?php
$flag = '// remove';
if(isset($_GET['user']) && isset($_GET['pass'])){
if($_GET['user'] == 'admin' && $_GET['pass'] == 'admin'){
echo 'flag is : // remove';
} else {
echo 'try to login again';
}
}
?>