🐛 Platform Pelatihan Bug Bounty

Platform pembelajaran keamanan siber dengan vulnerability yang disengaja

⚠️ PERINGATAN: Aplikasi ini mengandung vulnerability yang disengaja untuk tujuan pembelajaran. Gunakan HANYA di lingkungan terisolasi dan terkontrol.

Level Pemula

✓ SQL Injection Dasar
✓ Reflected XSS
✓ IDOR (Insecure Direct Object Reference)
✓ API tanpa Autentikasi
✓ Session Fixation

Total Vulnerability

Points: 80-100 per challenge

Lihat Detail Lengkap

Level Menengah

✓ Command Injection
✓ Path Traversal
✓ Stored XSS
✓ CSRF Advanced
✓ PHP Code Injection

Total Vulnerability

Points: 140-160 per challenge

Lihat Detail Lengkap

Level Sulit

✓ Authentication Bypass
✓ SSRF (Server-Side Request Forgery)
✓ Insecure Deserialization
✓ Advanced SQL Injection
✓ Template Injection

Total Vulnerability

Points: 200-250 per challenge

Lihat Detail Lengkap

🎭 Skenario Pelatihan

Pilih level pelatihan Anda dan aktifkan skenario vulnerability yang berbeda:

Pelatihan Dasar Pemula

Latihan Menengah Menengah

Tantangan Lanjutan Lanjutan

Login Diperlukan: Silakan login terlebih dahulu untuk mengakses training scenarios.

🎯 Mulai Hunting

Daftar atau login untuk mulai hunting bug dan mengumpulkan points!

Daftar Sekarang Masuk

🔗 Tautan Cepat

Autentikasi Diperlukan
Silakan login untuk mengakses fitur-fitur training platform.

💡 Tips untuk Bug Hunter Pemula

Akun Test Sample:

user@bugbounty.local / password
guest@bugbounty.local / guest
test@bugbounty.local / test123

Tools yang Berguna:

Burp Suite / OWASP ZAP
Browser Developer Tools
Postman for API testing
SQLMap for SQL injection

Serangan Injection (15)

SQL Injection Dasar
SQL Union Injection
SQL Error Injection
LDAP Injection
Host Header Injection
HTML Injection
iFrame Injection
SSI Injection
XML Injection
CRLF Injection
Log Injection
Expression Language Injection
Basic Command Injection
Basic Path Traversal
Basic File Inclusion

Varian XSS (12)

Reflected XSS
XSS Filter Bypass
XSS JavaScript Context
XSS via SVG
XSS via PostMessage
XSS via JSONP
XSS in URL Parameters
XSS in HTTP Headers
XSS in Cookie Values
XSS via User-Agent
XSS via Referer
Basic Stored XSS

Authentication & Session (8)

Session Fixation
Weak Session Management
Insecure Login Forms
Password Reset Flaws
Account Enumeration
Weak Password Policy
Session Hijacking
Basic Auth Bypass

Configuration Issues (10)

Security Misconfiguration
Directory Listing
Backup File Exposure
Debug Information Disclosure
Error Message Information Leakage
HTTP Methods Enabled
Missing Security Headers
Insecure HTTP Headers
Cookie Security Issues
HTTPS Configuration Issues

Other Vulnerabilities (5)

IDOR (Insecure Direct Object Reference)
API tanpa Autentikasi
Open Redirect
Clickjacking
CSRF Bypass

Advanced Injection (15)

Command Injection
PHP Code Injection
XPath Injection
SMTP Injection
JSON Injection
SOAP Injection
Advanced SQL Injection
Blind SQL Injection
Time-based SQL Injection
Boolean-based SQL Injection
Second-order SQL Injection
Advanced Path Traversal
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
Advanced Command Injection

Advanced XSS (12)

Stored XSS
DOM-based XSS
XSS via File Upload
XSS CSP Bypass
XSS CSS Context
Blind XSS
XSS via PDF
XSS via Flash
XSS via XML
XSS via JSON
XSS via WebSocket
Persistent XSS

File Handling (8)

File Upload Vulnerabilities
File Upload Type Bypass
File Upload Size Bypass
Malicious File Upload
File Download Vulnerabilities
File Inclusion Attacks
Archive Extraction Vulnerabilities
File Metadata Exploitation

AJAX & Web Services (10)

AJAX IDOR
WebSocket Attacks
CORS Misconfiguration
GraphQL Injection
REST API Vulnerabilities
JSON Web Token (JWT) Issues
API Rate Limiting Bypass
API Authentication Bypass
API Parameter Pollution
API Version Confusion

Authentication & Session (8)

Advanced CSRF
OAuth Redirect
JWT Algorithm Confusion
Session Puzzling
Multi-step Authentication Bypass
Password Reset Token Issues
Account Takeover
Privilege Escalation

Cryptographic & Other (7)

Weak Encryption
Regex DoS
Subdomain Takeover
Cache Poisoning
HTTP Parameter Pollution
Business Logic Flaws
Race Condition (Basic)

Advanced Attacks (15)

Authentication Bypass
SSRF (Server-Side Request Forgery)
Insecure Deserialization
Advanced SQL Injection
Template Injection
NoSQL Injection
HTTP Request Smuggling
Advanced Request Smuggling
Race Condition
Advanced Timing Attack
Blind XXE
Advanced Prototype Pollution
Memory Corruption
Buffer Overflow Simulation
Advanced Business Logic Flaws

Cryptographic Issues (8)

JWT Bypass
JWT Key Confusion
Padding Oracle Attack
Hash Length Extension
Weak Random Number Generation
Certificate Validation Bypass
Encryption Oracle Attacks
Side-channel Attacks

Infrastructure & Config (9)

Git Directory Exposure
Docker Escape
Container Security Issues
Cloud Misconfigurations
Kubernetes Security Issues
Network Segmentation Bypass
DNS Rebinding
CDN Security Issues
Load Balancer Bypass

Famous CVEs & Realistic (8)

Heartbleed Simulation
Log4Shell Simulation
Shellshock Simulation
Struts2 RCE Simulation
Realistic SQL Injection
Realistic XSS Social Engineering
Realistic File Upload Bypass
Realistic Auth Bypass