theo.seuge2025

2nd place

50400 points


Solves

| Challenge | Category | Value | Time |
|---|---|---|---|
| Reset Bjoern's Password | Broken Authentication | 1000 | |
| Blockchain Hype | Security through Obscurity | 1000 | |
| Reset Bender's Password | Broken Authentication | 700 | |
| Login Bjoern | Broken Authentication | 700 | |
| Ephemeral Accountant | Injection | 700 | |
| Legacy Typosquatting | Vulnerable Components | 700 | |
| Access Log | Observability Failures | 700 | |
| Extra Language | Broken Anti Automation | 1000 | |
| SSTi | Injection | 1350 | |
| Retrieve Blueprint | Sensitive Data Exposure | 1000 | |
| HTTP-Header XSS | XSS | 700 | |
| Vulnerable Library | Vulnerable Components | 700 | |
| Frontend Typosquatting | Vulnerable Components | 1000 | |
| Local File Read | Vulnerable Components | 1000 | |
| Premium Paywall | Cryptographic Issues | 1350 | |
| Bjoern's Favorite Pet | Broken Authentication | 450 | |
| Misplaced Signature File | Observability Failures | 700 | |
| NoSQL Exfiltration | Injection | 1000 | |
| Forged Signed JWT | Vulnerable Components | 1350 | |
| SSRF | Broken Access Control | 1350 | |
| Email Leak | Sensitive Data Exposure | 1000 | |
| Forgotten Sales Backup | Sensitive Data Exposure | 700 | |
| Steganography | Security through Obscurity | 700 | |
| Imaginary Challenge | Cryptographic Issues | 1350 | |
| Kill Chatbot | Vulnerable Components | 1000 | |
| Reset Morty's Password | Broken Anti Automation | 1000 | |
| Change Bender's Password | Broken Authentication | 1000 | |
| Bonus Payload | XSS | 100 | |
| Arbitrary File Write | Vulnerable Components | 1350 | |
| Memory Bomb | Insecure Deserialization | 1000 | |
| Unsigned JWT | Vulnerable Components | 1000 | |
| Visual Geo Stalking | Sensitive Data Exposure | 250 | |
| Meta Geo Stalking | Sensitive Data Exposure | 250 | |
| Exposed credentials | Sensitive Data Exposure | 250 | |
| Successful RCE DoS | Insecure Deserialization | 1350 | |
| Blocked RCE DoS | Insecure Deserialization | 1000 | |
| Login Amy | Sensitive Data Exposure | 450 | |
| Upload Type | Improper Input Validation | 450 | |
| Deprecated Interface | Security Misconfiguration | 250 | |
| GDPR Data Erasure | Broken Authentication | 450 | |
| Reset Jim's Password | Broken Authentication | 450 | |
| Deluxe Fraud | Improper Input Validation | 450 | |
| CAPTCHA Bypass | Broken Anti Automation | 450 | |
| Christmas Special | Injection | 700 | |
| NoSQL Manipulation | Injection | 700 | |
| Forgotten Developer Backup | Sensitive Data Exposure | 700 | |
| Web3 Sandbox | Broken Access Control | 100 | |
| Client-side XSS Protection | XSS | 450 | |
| API-only XSS | XSS | 450 | |
| Multiple Likes | Broken Anti Automation | 1350 | |
| Reflected XSS | XSS | 250 | |
| Login MC SafeSearch | Sensitive Data Exposure | 250 | |
| Forged Review | Broken Access Control | 450 | |
| Manipulate Basket | Broken Access Control | 450 | |
| Payback Time | Improper Input Validation | 450 | |
| Forged Coupon | Cryptographic Issues | 1350 | |
| Nested Easter Egg | Cryptographic Issues | 700 | |
| Easter Egg | Broken Access Control | 700 | |
| Poison Null Byte | Improper Input Validation | 700 | |
| NFT Takeover | Sensitive Data Exposure | 250 | |
| Admin Registration | Improper Input Validation | 450 | |
| Empty User Registration | Improper Input Validation | 250 | |
| Database Schema | Injection | 450 | |
| User Credentials | Injection | 700 | |
| Login Jim | Injection | 450 | |
| Login Bender | Injection | 450 | |
| Security Policy | Miscellaneous | 250 | |
| Five-Star Feedback | Broken Access Control | 250 | |
| Admin Section | Broken Access Control | 250 | |
| Bully Chatbot | Miscellaneous | 100 | |
| Privacy Policy | Miscellaneous | 100 | |
| Repetitive Registration | Improper Input Validation | 100 | |
| Password Strength | Broken Authentication | 250 | |
| Forged Feedback | Broken Access Control | 450 | |
| View Basket | Broken Access Control | 250 | |
| Outdated Allowlist | Unvalidated Redirects | 100 | |
| Zero Stars | Improper Input Validation | 100 | |
| Exposed Metrics | Observability Failures | 100 | |
| Confidential Document | Sensitive Data Exposure | 100 | |
| DOM XSS | XSS | 100 | |
| Score Board | Miscellaneous | 100 | |
| Error Handling | Security Misconfiguration | 100 | |
| Login Admin | Injection | 250 | |