undefined_dave

2nd place

11150 points


Solves

| Challenge | Category | Value | Time |
|---|---|---|---|
| Command Injection | Web Application Pentest | 400 | |
| Weak Password Reset | Web Application Pentest | 300 | |
| Cross-Site Scripting (XSS) - Stored | Web Application Pentest | 300 | |
| Path Traversal | Web Application Pentest | 300 | |
| Insecure Direct Object Reference (IDOR) | Web Application Pentest | 300 | |
| Server-Side Request Forgery (SSRF) | Web Application Pentest | 300 | |
| XML External Entity (XXE) Injection | Web Application Pentest | 300 | |
| Broken Access Control - Admin Panel | Web Application Pentest | 300 | |
| SQL Injection - Login Bypass | Web Application Pentest | 200 | |
| Log Analysis 1 | Log Analysis | 100 | |
| Cross-Site Request Forgery (CSRF) | Static Code Analysis | 700 | |
| Insecure Direct Object Reference (IDOR) | Static Code Analysis | 800 | |
| Server-Side Request Forgery (SSRF) | Static Code Analysis | 600 | |
| Sensitive Data Exposure | Static Code Analysis | 600 | |
| Insecure Deserialization | Static Code Analysis | 600 | |
| XML External Entity (XXE) | Static Code Analysis | 500 | |
| Missing Authorization | Static Code Analysis | 500 | |
| Insecure Cookie Configuration | Static Code Analysis | 400 | |
| Missing Input Validation | Static Code Analysis | 400 | |
| Mass Assignment | Static Code Analysis | 400 | |
| Session Management Vulnerabilities | Static Code Analysis | 400 | |
| Command Injection | Static Code Analysis | 400 | |
| Weak Random Number Generation | Static Code Analysis | 300 | |
| Path Traversal | Static Code Analysis | 300 | |
| Cross-Site Scripting (XSS) | Static Code Analysis | 300 | |
| Open Redirect | Static Code Analysis | 200 | |
| SQL Injection | Static Code Analysis | 200 | |
| Weak Password Storage | Static Code Analysis | 200 | |
| Log Analysis 2 | Log Analysis | 100 | |
| Hardcoded Secret | Web Application Pentest | 100 | |
| Log Analysis 5 | Log Analysis | 150 | |
| Log Analysis 4 | Log Analysis | 100 | |
| Log Analysis 3 | Log Analysis | 100 | |