flavien.dupas2025

1st place

52550 points


Solves

| Challenge | Category | Value | Time |
| --- | --- | --- | --- |
| Empty User Registration | Improper Input Validation | 250 | |
| Admin Registration | Improper Input Validation | 450 | |
| Deluxe Fraud | Improper Input Validation | 450 | |
| Reset Uvogin's Password | Sensitive Data Exposure | 700 | |
| Login Amy | Sensitive Data Exposure | 450 | |
| Forgotten Developer Backup | Sensitive Data Exposure | 700 | |
| Forgotten Sales Backup | Sensitive Data Exposure | 700 | |
| API-only XSS | XSS | 450 | |
| Client-side XSS Protection | XSS | 450 | |
| CSP Bypass | XSS | 700 | |
| HTTP-Header XSS | XSS | 700 | |
| Video XSS | XSS | 1350 | |
| Cross-Site Imaging | Security Misconfiguration | 1000 | |
| Login Support Team | Security Misconfiguration | 1350 | |
| Leaked Access Logs | Observability Failures | 1000 | |
| Access Log | Observability Failures | 700 | |
| Database Schema | Injection | 450 | |
| Ephemeral Accountant | Injection | 700 | |
| User Credentials | Injection | 700 | |
| CAPTCHA Bypass | Broken Anti Automation | 450 | |
| Privacy Policy Inspection | Security through Obscurity | 450 | |
| Arbitrary File Write | Vulnerable Components | 1350 | |
| Local File Read | Vulnerable Components | 1000 | |
| Unsigned JWT | Vulnerable Components | 1000 | |
| Imaginary Challenge | Cryptographic Issues | 1350 | |
| Premium Paywall | Cryptographic Issues | 1350 | |
| Nested Easter Egg | Cryptographic Issues | 700 | |
| Email Leak | Sensitive Data Exposure | 1000 | |
| Missing Encoding | Improper Input Validation | 100 | |
| Exposed credentials | Sensitive Data Exposure | 250 | |
| Forged Signed JWT | Vulnerable Components | 1350 | |
| Blocked RCE DoS | Insecure Deserialization | 1000 | |
| Successful RCE DoS | Insecure Deserialization | 1350 | |
| Memory Bomb | Insecure Deserialization | 1000 | |
| Extra Language | Broken Anti Automation | 1000 | |
| Multiple Likes | Broken Anti Automation | 1350 | |
| Reset Morty's Password | Broken Anti Automation | 1000 | |
| Bjoern's Favorite Pet | Broken Authentication | 450 | |
| SSTi | Injection | 1350 | |
| SSRF | Broken Access Control | 1350 | |
| NoSQL Manipulation | Injection | 700 | |
| NoSQL DoS | Injection | 700 | |
| NoSQL Exfiltration | Injection | 1000 | |
| Allowlist Bypass | Unvalidated Redirects | 700 | |
| Outdated Allowlist | Unvalidated Redirects | 100 | |
| Poison Null Byte | Improper Input Validation | 700 | |
| Misplaced Signature File | Observability Failures | 700 | |
| Easter Egg | Broken Access Control | 700 | |
| Deprecated Interface | Security Misconfiguration | 250 | |
| Upload Type | Improper Input Validation | 450 | |
| Upload Size | Improper Input Validation | 450 | |
| Kill Chatbot | Vulnerable Components | 1000 | |
| Supply Chain Attack | Vulnerable Components | 1000 | |
| Server-side XSS Protection | XSS | 700 | |
| Vulnerable Library | Vulnerable Components | 700 | |
| Weird Crypto | Cryptographic Issues | 250 | |
| Legacy Typosquatting | Vulnerable Components | 700 | |
| Frontend Typosquatting | Vulnerable Components | 1000 | |
| Steganography | Security through Obscurity | 700 | |
| Blockchain Hype | Security through Obscurity | 1000 | |
| GDPR Data Erasure | Broken Authentication | 450 | |
| Change Bender's Password | Broken Authentication | 1000 | |
| Login Jim | Injection | 450 | |
| Login Bender | Injection | 450 | |
| Visual Geo Stalking | Sensitive Data Exposure | 250 | |
| Meta Geo Stalking | Sensitive Data Exposure | 250 | |
| NFT Takeover | Sensitive Data Exposure | 250 | |
| Login Bjoern | Broken Authentication | 700 | |
| Five-Star Feedback | Broken Access Control | 250 | |
| Web3 Sandbox | Broken Access Control | 100 | |
| Admin Section | Broken Access Control | 250 | |
| Privacy Policy | Miscellaneous | 100 | |
| DOM XSS | XSS | 100 | |
| Score Board | Miscellaneous | 100 | |
| View Basket | Broken Access Control | 250 | |
| Exposed Metrics | Observability Failures | 100 | |
| Login Admin | Injection | 250 | |
| Bully Chatbot | Miscellaneous | 100 | |
| Error Handling | Security Misconfiguration | 100 | |
| Confidential Document | Sensitive Data Exposure | 100 | |