Cody Brocious
Ethical Hacker,
Hacker Resources,
Hacker 101

Test your hacking skills on real-world simulated bugs

Test your hacking skills on real-world simulated bugs

Hacktivity is a treasure trove of vulnerability data and tactics. You’ve got newly published reports from across the web, staple programs that believe in the power of defaulting to disclosure and transparency.

So we took five disclosed reports and partnered with HackEDU team to create sandbox environments available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered.

So here, in all their glory, are the hacktivity reports and their respective sandbox environments that you can hack hack hack til you drop drop drop.

Test your hacking skills in these 5 sand hackboxes

Highly wormable clickjacking in player card (Report #85624)

Reported to Twitter by @filedescriptor

Description:  In this clickjacking example, it’s possible to set up an attack that can spread from user to user.

Get hacking now in report 85624’s sandbox environment

XXE in Site Audit function exposing file and directory contents (Report #312543)

Reported to SEMRush by @achapman

Description:  This is an XML External Entity vulnerability where hackers can read arbitrary files from the server.

Get hacking now in report 312543’s sandbox environment

RCE by command line argument injection (Report #212696)

Reported to Imgur by @neex

Description:  Get control of the server via a unique command injection.

Get hacking now in report 212696’s sandbox environment

SQL injection (Report #273946)

Reported to Grabtaxi by @jouku

Description:  Track down and exploit a SQL injection vulnerability using sqlmap.

Get hacking now in report 273946’s sandbox environment

Stealing contact form data on hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP (Report #207042)

Reported to HackerOne by @fransrosen

Description:  Work your way to a successful exploitation from this interesting XSS vulnerability.

Get hacking now in report 207042’s sandbox environment

Learn how to hack and level up your skills

It’s never been easier or funner to learn how to hack than it is today with HackerOne’s Hacker101 content and CTF. And it just got even better with these amazing sandbox training resources.

Let us know what you think and how you fair in the latest hacking challenge. Tweet about the hunt, and as always, happy hacking!


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.