Attack index
Every intentional bug, where it lives, and its OWASP category. Flip the security level (top-right) to compare vulnerable vs fixed, hit view source on each page, and grab flags on the scoreboard.

| vulnerability | where | OWASP | level |
|---|---|---|---|
| SQLi — integer, GET | /product.php?id=1 | A03 Injection | easy |
| SQLi — category, GET | /category.php?cat=1 | A03 | easy |
| SQLi — search LIKE, GET | /search.php?q=mug | A03 | easy |
| SQLi — ORDER BY | /catalog.php?sort=name | A03 | medium |
| SQLi — blind boolean/time | /track.php?order=SK-1001 | A03 | medium |
| SQLi — login auth bypass, POST | /login.php | A03 / A07 | easy |
| SQLi — cookie | the | A03 | medium |
| SQLi — JSON body | /apiv1.php | A03 | medium |
| SQLi — coupon, POST | /cart.php | A03 | easy |
| XSS — reflected | /search.php?q= | A03 | easy |
| XSS — stored | /reviews.php | A03 | easy |
| XSS — DOM-based | /help.php#lang= | A03 | medium |
| XSS — JSONP | /api.php?callback=cb | A03 | medium |
| Path traversal / LFI-read | /image.php?file= | A01 / A05 | medium |
| Open redirect | /go.php?url= | A01 | easy |
| CSRF | /account.php, /reviews.php | A01 | medium |
| Broken access control | /admin.php | A01 | medium |
| Insecure identity cookie | the | A07 | easy |
| Business logic — qty/price tampering | /cart.php | A04 | medium |

Bonus: this shop ships an OpenAPI spec — try sqlmap --openapi against it.