Captcha Bypass -> Leaked In HTML CAPTCHA Is a type of challenge–response test used in computing to determine whether the user is human or a bot. Misconfigured captcha may leak the answer of the...

Captcha Bypass -> Not Expiring After Used CAPTCHA Is a type of challenge–response test used in computing to determine whether the user is human or a bot. Solved captcha is meant to be used once...

Captcha Bypass -> Leaked In Cookie CAPTCHA Is a type of challenge–response test used in computing to determine whether the user is human or a bot. Misconfigured captcha may leak the answer of t...

Captcha Bypass -> OCR CAPTCHA Is a type of challenge–response test used in computing to determine whether the user is human or a bot. If the text in the captcha is not scattered enough, we can ...

Broken Authentication -> Weak Password A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all pos...

Session hijacking -> Session Id In Url If you place a session token directly in the URL, it increases the risk of an attacker capturing and exploiting it. Anyone who follows that URL inherits t...

Broken Authentication -> Username Enumeration Username enumeration is a technique of guessing a valid usernames on a server or web application. Exploitation In this test, we are going to us...

Session hijacking -> Session Fixation Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application mana...

Broken Authentication -> Account Takeover Via Multistage Login Exploitation This webapp has authentication flaw that allows attacker to takeover an account of any registered user. We have be...

Session hijacking -> Insufficient Session Expiration Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. E...