New or experienced, learn about various vulnerability types on custom-made web application challenges based on real bug bounty findings! Learn about new techniques and bypasses whilst embracing the mindset of a hacker.
The stage is yours, take it and have some fun!
FastFoodHackings is a demo web application designed to test your approach to discovering vulnerabilities. You've learnt about various vulnerability types from our other challenges, but now can you go and find them without knowing where they are?
Please note there is no triage available for this demo.
Browse information related to public program activity, such as the number of reports received in ~90 days (updated daily), hackers thanked and, if allowed, disclosed reports.
An article contributed by one of our top hackers, iBruteforce, giving you tips and advice on taking effective notes when participating in bug bounties.
| Severity | Report | Hacker | Category |
|---|---|---|---|
| Medium | a non admin doctor can search for patients | twsec (Level 2) | Application/Business Logic |
| High | idor | prob_hakz (Level 2) | Insecure direct object reference |
| Medium | Reflected xss on register.php | 0xblackbird | Reflective XSS |
| CRITICAL | It is possible to reset drAdmin's password | vigilante | Auth issues |
| Medium | [COLLAB] DOM XSS on register patch bypass | amec0e (Level 2) | Reflective XSS |
| CRITICAL | Endpoint allows unauthorized users to update other user's passwords | 0xblackbird | Auth issues |
| Medium | XSS on internet explorer in the login page using the referer header | sumzer0 (Level 2) | Reflective XSS |
| Medium | Reflected XSS on login Page via ref paramater | codersanjay (Level 3) | Reflective XSS |
| Low | Open URL Redirect on /drpanel/logout.php | rintox (Level 3) | Open Redirect |
| Medium | Applogic at Modifying Appointment Details | mrrootsec (Level 2) | Application/Business Logic |