Top 5 — Flag Catchers
No submissions yet — be the first! Submit a flag.
Captures by vulnerability
How many unique browser sessions have captured each flag. Total submissions so far: 0.
| # | Vulnerability | Captures |
|---|---|---|
| 1 | Robots.txt Disclosure | 0 |
| 2 | Secrets in HTML Comments | 0 |
| 3 | IDOR on Student Profile | 0 |
| 4 | Forced Browsing / Missing Auth | 0 |
| 5 | Username Enumeration | 0 |
| 6 | Client-side Price Tampering | 0 |
| 7 | Sequential File Reference | 0 |
| 8 | Reflected XSS | 0 |
| 9 | Business-Logic Flaw (Discount) | 0 |
| 10 | Debug Endpoint Exposure | 0 |
| 11 | Hidden-Field Mass Assignment | 0 |
| 12 | Directory Listing Exposure | 0 |
Scoreboard auto-refreshes every 10 seconds. Per-browser dedup — resubmitting the same flag from the same browser doesn't re-count. No login required.