Root-Me Web server challengesΒΆ
Test skills with:
- Insecure code management
- Directory traversal
- File upload: null byte
- PHP assert()
- PHP Filters
- PHP Register globals
- JWT Introduction
- JWT (not) revoked token
- JWT weak secret
- Python: Server-side Template Injection Introduction
- Command injection: filter bypass
- Java: Server-side Template Injection (SSTI)
- Local file inclusion
- Local file inclusion: double encoding
- PHP preg_replace
- PHP type juggling
- SQL injection: authentication
- SQL injection: string
- XSLT code execution
- PHP path truncation
- PHP serialisation
- SQL injection: numeric
- SQL injection: routed
- SQL truncation
- XPath injection: authentication
- SQL injection: time-based
Last update:
2025-05-12 14:16