New or experienced, learn about various vulnerability types on custom made web application challenges based on real bug bounty findings! Learn about new techniques and bypasses whilst embracing the mindset of a hacker.
The stage is yours, take it and have some fun!
Browse free challenges
FastFoodHackings is a demo web application designed to test your approach to discovering vulnerabilities. You've learnt about various vulnerability types from our other challenges, but now can you go and find them without knowing where they are?
Please note there is no triage available for this demo.
Visit playground
Public program activity
Browse information related to public program activity such as the amount of reports received in ~90 days (updated daily), hackers thanked and if allowed, disclosed reports.
| Finding | Hunter | Vuln type |
|---|---|---|
| Medium a non admin doctor can search for patients | twsec Level 2 | Application/Business Logic |
| High idor | prob_hakz Level 2 | Insecure direct object reference |
| Medium Reflected xss on register.php | 0xblackbird Level 4 | Reflective XSS |
| CRITICAL It is possible to reset drAdmin's password | vigilante Level 4 | Auth issues |
| Medium [COLLAB] DOM XSS on register patch bypass | amec0e Level 2 | Reflective XSS |
| CRITICAL Endpoint allows unauthorized users to update other user's passwords | 0xblackbird Level 4 | Auth issues |
| Medium XSS on internet explorer in the login page using the referer header | sumzer0 Level 2 | Reflective XSS |
| Medium Reflected XSS on login Page via ref paramater | codersanjay Level 3 | Reflective XSS |
| Low Open URL Redirect on /drpanel/logout.php | rintox Level 3 | Open Redirect |
| Medium Applogic at Modifying Appointment Details | mrrootsec Level 2 | Application/Business Logic |
Disclosed Hackevent Reports