SlopEmu Scenario Hub

Each route below renders a small app-like page that leaks or mishandles something on load, plus supporting endpoints and weak validation paths for scanner calibration.

Path model: /site/{scenario}/
Manifest: /__manifest
Prompt + RAG Leakage

AI Startup

Scrappy AI SaaS with exposed prompt config, debug env data, and a leaky support search.

/site/ai-startup/
CWE-200, CWE-306
BOLA + Secrets + Paid Bypass

Indie SaaS

Solo-founder SaaS that exposes account data, billing config, client-trusted subscription upgrades, and a dashboard without auth.

/site/indie-saas/
CWE-639, CWE-602, CWE-200
Auth Bypass

Hosting Panel Bypass

Hosting control panel that simulates a 2026-style session-loading authentication bypass on internet-exposed admin paths.

/site/hosting-panel-bypass/
CWE-288, CWE-306
Deprecated APIs + Backup Exposure

Enterprise Legacy

Old internal stack with forgotten APIs, direct SQL dumps, and reports behind weak assumptions.

/site/enterprise-legacy/
CWE-538, CWE-200
Missing RLS + Config Leakage

Supabase Clone

Project dashboard that loads profiles and storage metadata with an exposed anon config.

/site/supabase-clone/
CWE-862, CWE-200
Exposed Database Port

Naked Postgres

Database console that simulates a publicly reachable Postgres service with weak network and auth settings.

/site/naked-postgres/
CWE-284, CWE-319, CWE-200
Source Maps + Public Config

Next.js App

A modern frontend that advertises hidden flags and exposes build artifacts.

/site/nextjs-app/
CWE-200, CWE-540
Introspection + Over-fetching

GraphQL API

GraphQL endpoint with enabled introspection and sensitive fields accessible to anonymous callers.

/site/graphql-api/
CWE-200, CWE-862
IDOR + Balance Tampering

Fintech App

Wallet UI that preloads another customer account and accepts weak amount validation.

/site/fintech-app/
CWE-639, CWE-20
Price Tampering + Coupon Abuse

Ecommerce Advanced

Checkout flow with client-trusted totals, weak email validation, and exposed order lookups.

/site/ecommerce-advanced/
CWE-602, CWE-639
Backup + CI Leakage

DevOps Leak

Operations panel with deploy workflow files, verbose logs, and a downloadable backup archive.

/site/devops-leak/
CWE-538, CWE-200
CI Supply Chain

Poisoned CI Action

Release pipeline that simulates compromised automation credentials, retagged actions, and leaked workflow secrets.

/site/poisoned-ci-action/
CWE-522, CWE-829
Open Staging + Weak Auth

Staging Env

Staging UI that automatically loads internal users and skips normal gatekeeping.

/site/staging-env/
CWE-306, CWE-200
Wildcard Origin + Credentials

CORS Misconfig

API playground that highlights a permissive credentialed CORS policy.

/site/cors-misconfig/
CWE-942, CWE-306
Header Bypass + Hardcoded Keys

Mobile Backend

Backend docs that encourage trusting mobile headers and exposing versioned admin APIs.

/site/mobile-backend/
CWE-290, CWE-798
Tenant Isolation Failure

Multi Tenant SaaS

Tenant switcher that happily loads users from another org when the ID changes.

/site/multi-tenant-saas/
CWE-284, CWE-639
Stored + Form XSS

CMS Platform

Simple editorial dashboard that stores unsafe HTML and reflects form preview content back into raw HTML.

/site/cms-platform/
CWE-79, CWE-602
JWT Debug Leakage

Auth System

Login panel with weak email validation, reusable tokens, and a leaked signing secret.

/site/auth-system/
CWE-287, CWE-798
Ops Dashboard Exposure

Internal Tools

No-login operations console with internal APIs and support shortcuts rendered on load.

/site/internal-tools/
CWE-306, CWE-200
Sensitive Metrics Exposure

Analytics Dashboard

Open metrics board that fetches revenue and customer health data on first paint.

/site/analytics-dashboard/
CWE-200, CWE-306
Unrestricted Upload + Traversal

File Upload Service

Upload widget that accepts arbitrary names, applies weak content checks, and allows traversal-style reads.

/site/file-upload/
CWE-434, CWE-22
Stored XSS + Message Leakage

Chat App

Shared chat room that stores raw HTML and leaks other room traffic into the default view.

/site/chat-app/
CWE-79, CWE-200
Debug Config Exposure

Config Leak

Settings page that loads environment, feature flags, and internal hostnames into the browser.

/site/config-leak/
CWE-200, CWE-489
.git Exposure

Git Exposed

Minimal site whose public surface includes live repository metadata files.

/site/git-exposed/
CWE-200, CWE-538
Unsafe Client Flags

Feature Flag App

Frontend boot script enables admin and bypass flows before the server checks anything.

/site/feature-flags/
CWE-602, CWE-306
Mixed Secure and Insecure Flows

Hybrid Modern App

Calibration target with intentionally mixed results so scanners can measure precision as well as recall.

/site/hybrid-modern/
CWE-200, CWE-602
LLM Tool Hijack

Agent Tool Abuse

Chat agent concatenates user input into the system prompt and exposes shell, fetch, and fs tools that anyone can drive.

/site/agent-tool-abuse/
CWE-77, CWE-94
Public Index Poisoning

RAG Poisoning

Knowledge base accepts public uploads and treats poisoned chunks as authoritative answers.

/site/rag-poisoning/
CWE-77, CWE-200
Unauth MCP Tools

Open MCP Server

Internet-reachable MCP server with no auth that exposes shell.exec, db.query, and secrets.read.

/site/mcp-open/
CWE-306, CWE-200
Vector Key + Cross-Tenant

Vector DB Leak

Frontend ships a Pinecone key and the search endpoint accepts a wildcard namespace across tenants.

/site/vector-db-leak/
CWE-798, CWE-200
Open redirect_uri + No State

OAuth Redirect

OAuth authorize endpoint trusts arbitrary redirect_uri values and never verifies state or PKCE.

/site/oauth-redirect/
CWE-601, CWE-1275
Recovery Token Weakness

Password Reset Flaws

Reset flow leaks account existence, ships tokens in URLs, and accepts predictable 6-digit values.

/site/password-reset-flaws/
CWE-640, CWE-204
alg=none + kid Traversal

JWT Alg Confusion

Verifier accepts alg=none and dereferences attacker-controlled kid paths.

/site/jwt-alg-confusion/
CWE-347, CWE-327
Brute-forceable Auth Codes

Magic Link & OTP

Passwordless flow with no rate limit, 6-digit OTP, and reusable long-TTL magic links.

/site/magic-link-otp/
CWE-307, CWE-294
Server-Side Request Forgery

SSRF Image Proxy

Avatar resizer fetches arbitrary URLs including cloud metadata, internal services, and file://.

/site/ssrf-image-proxy/
CWE-918
SQL Injection

Raw SQL Injection

User search builds SQL by string concatenation and reflects errors back to the client.

/site/sqli-raw/
CWE-89
Mongo Operator Injection

NoSQL Operator Injection

Login passes JSON sub-objects into Mongo so $ne/$gt operators bypass authentication.

/site/nosql-injection/
CWE-943
Template Injection

Server-Side Template Injection

Newsletter previewer evaluates user-supplied templates with access to env globals.

/site/ssti/
CWE-94, CWE-1336
Unrestricted Field Update

Mass Assignment

Profile PATCH spreads request body into the user record and lets clients write is_admin.

/site/mass-assignment/
CWE-915
Unvalidated next= Param

Open Redirect

Login callback honors any next URL, including protocol-relative and javascript: payloads.

/site/open-redirect/
CWE-601
XML External Entities

XXE in SVG

SVG parser resolves external entities and embeds their contents into the rendered output.

/site/xxe-svg/
CWE-611
Archive Path Traversal

Zip Slip

Archive importer writes entries using their raw filenames, escaping the upload directory.

/site/zip-slip/
CWE-22, CWE-434
Webhook Signature Bypass

Webhook Unverified

Stripe and GitHub webhook handlers skip signature checks or compare signatures with a weak ==.

/site/webhook-unverified/
CWE-345, CWE-347
Client-Trusted Payment Flag

Stripe Paid-Param Trust

Checkout success page upgrades plans based on URL query params instead of verifying with Stripe.

/site/stripe-paid-trust/
CWE-602
API Doc Exposure

Swagger UI Exposed

Swagger UI is reachable with a pre-filled bearer token and lists every admin endpoint.

/site/swagger-exposed/
CWE-200, CWE-306
Telemetry Key Exposure

Sentry / Telemetry Keys

Frontend bundle exposes Sentry DSN, PostHog write key, and Datadog client token.

/site/sentry-dsn-leak/
CWE-200, CWE-798
Object Prototype Pollution

Prototype Pollution

Deep-merge endpoint walks __proto__ keys, polluting global config and feature flags.

/site/prototype-pollution/
CWE-1321
Cross-Window Message Trust

postMessage No Origin

Parent page accepts postMessage events from any origin and runs privileged actions.

/site/postmessage-no-origin/
CWE-346, CWE-940
Security Headers Absent

Missing CSP / Headers

Responses ship without CSP, X-Frame-Options, or HSTS, enabling framing and inline scripts.

/site/csp-missing/
CWE-1021
Cross-Site Request Forgery

CSRF Missing

Email change form has no CSRF token and the session cookie is set with SameSite=None.

/site/csrf-missing/
CWE-352
Public List + PUT

Public S3 Bucket

User-content bucket grants ListBucket and PutObject to wildcard principal.

/site/s3-public-bucket/
CWE-732, CWE-200
Dangling DNS Record

Subdomain Takeover

Marketing subdomain CNAMEs to a deleted Heroku app and is claimable by anyone.

/site/subdomain-takeover/
CWE-284, CWE-1395
Public Cache Exposure

Open Redis

Redis bound to 0.0.0.0:6379 with no requirepass, leaking sessions and live commands.

/site/redis-open/
CWE-306, CWE-319
Public Document Store

Open MongoDB

MongoDB bound publicly with --noauth, exposing tenant DBs and password hashes.

/site/mongo-open/
CWE-306, CWE-200
None (true-negative control)

ref0 (Clean Reference)

Clean reference site with auth required, validated input, secure cookies, and full security headers. Any finding here is a false positive.

/site/ref0/
Confused Deputy

Agent Confused Deputy

Agent uses caller's bearer token but operates on an as_user param without authorization checks.

/site/agent-confused-deputy/
CWE-441, CWE-285
LLM Tool Misdirection

Indirect Prompt Injection

Agent fetches user-supplied URLs and follows hidden instructions embedded in the page content.

/site/indirect-prompt-injection/
CWE-77, CWE-94
Trust in Model Output

LLM Output as HTML

Frontend renders model output via innerHTML, executing any HTML the model emits.

/site/llm-html-rendering/
CWE-79, CWE-94
CL.TE Desync

HTTP Request Smuggling

Front and back proxies disagree on Content-Length vs Transfer-Encoding, smuggling hidden requests.

/site/request-smuggling/
CWE-444
Header Injection

CRLF Response Splitting

User input is reflected into Location without stripping CRLF, allowing extra headers.

/site/crlf-response-splitting/
CWE-93, CWE-113
Unkeyed Header Reflection

Cache Poisoning

Origin reflects X-Forwarded-Host into the body but the CDN omits it from the cache key.

/site/cache-poisoning/
CWE-345
Catastrophic Backtracking

Regex DoS

Validator regex backtracks exponentially in input length, allowing CPU pegging.

/site/redos/
CWE-1333
Unsafe Pickle / Jackson

Insecure Deserialization

Importer pipes user bytes into pickle.loads and accepts polymorphic Jackson types.

/site/insecure-deser/
CWE-502
Weak Transport

TLS Downgrade

Sensitive paths over HTTP, TLS 1.0 with RC4, expired certificate, no HSTS.

/site/tls-downgrade/
CWE-319, CWE-326
Predictable Tokens

Weak Randomness

Tokens derived from math/rand seeded by Unix seconds; sequential output is predictable.

/site/weak-randomness/
CWE-330, CWE-338
Overbroad Domain

Cookie Scope Leak

Session cookie set with Domain=.example.com travels to every subdomain including third-party hosts.

/site/cookie-scope-leak/
CWE-539
Read-Side Traversal

Download Path Traversal

Download endpoint joins user filename into base path without normalization.

/site/download-traversal/
CWE-22, CWE-200
Filter Injection

LDAP Injection

Directory search builds LDAP filters by string concatenation, allowing wildcard matches.

/site/ldap-injection/
CWE-90
XPath Tautology

XPath Injection

Legacy XML auth concatenates user input into the XPath query, enabling tautology bypass.

/site/xpath-injection/
CWE-643
SMTP Header Injection

Email MIME Injection

Contact form passes subject into SMTP headers without stripping CRLF, allowing Bcc injection.

/site/email-mime-injection/
CWE-93, CWE-150
Global Name Clobber

DOM Clobbering

Boot script reads window.config but a comment-stored form with name="config" clobbers it.

/site/dom-clobbering/
CWE-1321
innerHTML on location.hash

DOM Fragment XSS

Banner reads location.hash and writes it via innerHTML, executing fragment payloads.

/site/dom-fragment-xss/
CWE-79
Server-Side HTML in PDF

PDF HTML Injection

Invoice PDF generator interpolates user input into HTML with file:// access enabled.

/site/pdf-html-injection/
CWE-79, CWE-918
Unsanitized Markdown

Markdown HTML Injection

Markdown renderer keeps sanitize:false so embedded HTML and scripts reach the page.

/site/markdown-html-injection/
CWE-79
Token Leak via Referer

OAuth Token via Referer

Callback page loads a third-party CDN script while access tokens sit in the URL fragment.

/site/oauth-token-leak-referer/
CWE-200, CWE-201
Optional PKCE Verifier

PKCE Downgrade

Token endpoint accepts authorization codes without verifying code_verifier.

/site/pkce-downgrade/
CWE-345
Weak Credentials

Weak Password Policy

Signup accepts 5-character passwords with no breach check and a global rate limit.

/site/weak-password-policy/
CWE-521, CWE-307
Trusted Client Audit Fields

Audit Log Tamper

Audit writer accepts client-supplied timestamps and actor IDs and never escapes newlines.

/site/audit-log-tamper/
CWE-117, CWE-345
Cloud Metadata Exposure

GCP Metadata SSRF

Proxy reaches GCP and Azure metadata services and returns service-account tokens.

/site/gcp-metadata-ssrf/
CWE-918
Anonymous Cluster Access

Open Kubernetes Dashboard

Dashboard uses --enable-skip-login and apiserver permits anonymous list of namespaces and secrets.

/site/kube-dashboard-open/
CWE-306, CWE-200
Schema Disclosure

gRPC Reflection Enabled

Production gRPC server registers the reflection service, exposing admin RPCs and field shapes.

/site/grpc-reflection/
CWE-200, CWE-306
Cross-Origin WS Hijack

WebSocket No Origin Check

Upgrade handler accepts any Origin and cookies travel on the upgrade.

/site/websocket-no-origin/
CWE-346
Host-Header Trust

DNS Rebinding

Local-only admin gates by Host: localhost; a 5s TTL DNS flip lets victim browsers bypass it.

/site/dns-rebinding/
CWE-350
innerHTML on Paste

Clipboard Paste XSS

Rich paste handler reads text/html from clipboard and writes it via innerHTML.

/site/clipboard-paste-xss/
CWE-79
Verbose Error Disclosure

Prompt Leak via Error

500 responses include the rendered prompt, retrieved chunks, and stack traces.

/site/prompt-leak-via-error/
CWE-209, CWE-200
Unsanitized Tool Loop

Tool Output Injection

Agent feeds tool output back into prompt, so tool results containing instructions hijack the loop.

/site/tool-output-injection/
CWE-94, CWE-77
Untyped Tool Args to SQL/Shell

Function-Calling Arg Poison

Function-calling schema accepts free-form strings the backend interpolates into SQL or exec.

/site/function-calling-arg-poison/
CWE-94, CWE-77
Session Not Regenerated

Session Fixation

Login keeps the pre-auth session ID, so an attacker-planted cookie remains valid post-login.

/site/session-fixation/
CWE-384
ATO via Email Rotation

Email Change No Reauth

Email change requires only a session, then password reset goes to the new email.

/site/email-change-no-reauth/
CWE-287, CWE-862
Reset Link Poisoning

Host Header Injection

Reset mailer builds the link from the inbound Host header with no allow-list.

/site/host-header-injection/
CWE-644, CWE-201
Public Search Cluster

Open Elasticsearch

Elasticsearch with security disabled exposes _cat/indices and _search across tenants.

/site/elasticsearch-open/
CWE-306, CWE-200
Permissive Realtime Rules

Open Firebase Rules

Firebase realtime rules set to .read/.write true, allowing anonymous dump and overwrite.

/site/firebase-rules-open/
CWE-862, CWE-306
Dictionary HMAC Secret

Weak JWT Secret

HS256 secret is the literal word 'secret', shared across staging and production.

/site/weak-jwt-secret/
CWE-321, CWE-798
TOCTOU Withdraw

Race-Condition Balance

Read-decide-write withdraw without a transaction lets concurrent requests both succeed.

/site/race-condition-balance/
CWE-362, CWE-367
None (true-negative control)

ref-oauth (Clean Reference)

Reference OAuth flow with exact-match redirect_uri, required state, and enforced PKCE.

/site/ref-oauth/
None (true-negative control)

ref-jwt (Clean Reference)

Reference JWT verifier with RS256 only, kid allow-list, and rejection of alg=none/HS256.

/site/ref-jwt/
None (true-negative control)

ref-webhook (Clean Reference)

Reference Stripe webhook with required signature, constant-time HMAC compare, per-env secret.

/site/ref-webhook/
None (true-negative control)

ref-rls (Clean Reference)

Reference Supabase-style profiles endpoint with row-level security enforced server-side.

/site/ref-rls/
Supply Chain Typosquat

NPM Typosquat

package.json depends on a typo of a popular package whose preinstall script exfiltrates env vars.

/site/npm-typosquat/
CWE-829, CWE-1357
Registry Auth Exposure

Docker Config Leak

Web root serves ~/.docker/config.json, leaking registry credentials and helper-store metadata.

/site/docker-config-leak/
CWE-200, CWE-538
Public IaC State

Terraform State Leak

S3 bucket holding terraform.tfstate is publicly readable, exposing inline secrets and resource layout.

/site/terraform-state-leak/
CWE-538, CWE-200
Poisoned Tool Descriptions

MCP Tool Spec Injection

MCP client trusts tool descriptions from a third-party server, which embed hidden instructions the agent obeys.

/site/mcp-tool-spec-injection/
CWE-77, CWE-94
None (calibration target)

Noisy Errors

Bootstrap returns 500/503/404/malformed JSON and the page emits console.error and a thrown JS exception. Robustness check, not a vulnerability.

/site/noisy-errors/
None (calibration target)

Captcha / Bot Challenge

Cloudflare-style interstitial with __cf_bm and cf_clearance cookies, Turnstile-like widget, and content that only settles after JS runs.

/site/captcha-challenge/