From 01132a761897ea6b2b35a4322da4ecfc4432c538 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Thu, 7 Dec 2023 01:14:07 -0300
Subject: [PATCH 01/25] deploy.yml

---
 .github/workflows/deploy.yml | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 21c4be73..fc1fe3d7 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,19 +1,28 @@
-name: Deploy Vulnerable Application                                  # workflow name
+name: Deploy Vulnerable Application
+env:
+    VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
+    VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
 
 on:
   push:
     branches:
       - master
+
 jobs:
-  deploy-heroku:
-    name: Deploy Heroku
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: akhileshns/heroku-deploy@v3.12.12 # This is the action
-        with:
-          heroku_api_key: ${{secrets.HEROKU_API_KEY}}
-          heroku_app_name: "app-vulnerable2022" #Must be unique in Heroku
-          heroku_email: "roxsrossve@gmail.com"
-          remote_branch: "master"
-          usedocker: true
+  deploy-vercel:
+        runs-on: ubuntu-latest
+        steps:
+
+            - uses: actions/checkout@v3
+
+            - name: Install Vercel CLI
+              run: npm install --global vercel
+
+            - name: Pull Vercel Environment Information
+              run: vercel pull --yes --environment=production --token=${{ secrets.VERCEL_TOKEN }}
+
+            - name: Build Project Artifacts
+              run: vercel build --prod --token=${{ secrets.VERCEL_TOKEN }}
+
+            - name: Deploy Project Artifacts
+              run: vercel deploy --prebuilt --prod --token=${{ secrets.VERCEL_TOKEN }}

From 6f39011e53ac2eacf4488b7bc5c03ed2451b331b Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Thu, 7 Dec 2023 03:12:07 -0300
Subject: [PATCH 02/25] main.html

---
 views/main.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/views/main.html b/views/main.html
index 3bb33557..e73fbde1 100644
--- a/views/main.html
+++ b/views/main.html
@@ -15,7 +15,7 @@
 
 <div class="main"> 
     <div class="header-container">
-        <h1>EkoParty Hackademy-Vulnerable Web App</h1>
+        <h1>EkoParty Hackademy-Archenzio Vulnerable Web App</h1>
         <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno para tener una idea de cómo funcionan.</h3>
     </div>
     <br> 

From bda69567358dca3cbf78c0da008592c7d8ca61d3 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Thu, 7 Dec 2023 03:12:47 -0300
Subject: [PATCH 03/25] head.html

---
 views/layouts/head.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/views/layouts/head.html b/views/layouts/head.html
index 1d8f570b..ca32b5fd 100644
--- a/views/layouts/head.html
+++ b/views/layouts/head.html
@@ -1,4 +1,4 @@
-<title>Vulnerable Web App</title>
+<title>Archenzio Vulnerable Web App</title>
 <style>
     @font-face{
         font-family:'Lato-Lig';

From 07fcfb03f6832c3caf7e3140d716183d8db63822 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:32:44 -0300
Subject: [PATCH 04/25] Create docker-publish.yml

---
 .github/workflows/docker-publish.yml | 98 ++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 .github/workflows/docker-publish.yml

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 00000000..3c01fcf0
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,98 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '36 17 * * *'
+  push:
+    branches: [ "master" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "master" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

From 46be542b1a930a81e34c63e99dd31e9560c3cb67 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:36:55 -0300
Subject: [PATCH 05/25] Delete .github/workflows/docker-publish.yml

---
 .github/workflows/docker-publish.yml | 98 ----------------------------
 1 file changed, 98 deletions(-)
 delete mode 100644 .github/workflows/docker-publish.yml

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
deleted file mode 100644
index 3c01fcf0..00000000
--- a/.github/workflows/docker-publish.yml
+++ /dev/null
@@ -1,98 +0,0 @@
-name: Docker
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-on:
-  schedule:
-    - cron: '36 17 * * *'
-  push:
-    branches: [ "master" ]
-    # Publish semver tags as releases.
-    tags: [ 'v*.*.*' ]
-  pull_request:
-    branches: [ "master" ]
-
-env:
-  # Use docker.io for Docker Hub if empty
-  REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}
-
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
-      id-token: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
-        with:
-          cosign-release: 'v2.1.1'
-
-      # Set up BuildKit Docker container builder to be able to build
-      # multi-platform images and export cache
-      # https://github.com/docker/setup-buildx-action
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
-      - name: Build and push Docker image
-        id: build-and-push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

From 5991a74cbb024a568342814da7d629a75c0821e3 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:38:22 -0300
Subject: [PATCH 06/25] Create docker-image.yml

---
 .github/workflows/docker-image.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/workflows/docker-image.yml

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
new file mode 100644
index 00000000..eac633f6
--- /dev/null
+++ b/.github/workflows/docker-image.yml
@@ -0,0 +1,18 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)

From 4db5ee7a26d3788b3e42f6a62eab536c356d46b4 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:41:09 -0300
Subject: [PATCH 07/25] Create main.html

---
 main.html | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 main.html

diff --git a/main.html b/main.html
new file mode 100644
index 00000000..e73fbde1
--- /dev/null
+++ b/main.html
@@ -0,0 +1,35 @@
+<style>
+    .main{
+        font-family: "Lato-Lig";
+        width: 500px;
+        position: fixed;
+        left: 50%;
+        top: 60px;
+        margin-left: -250px;
+    }
+
+    .header-container{
+        
+    }
+</style>
+
+<div class="main"> 
+    <div class="header-container">
+        <h1>EkoParty Hackademy-Archenzio Vulnerable Web App</h1>
+        <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno para tener una idea de cómo funcionan.</h3>
+    </div>
+    <br> 
+    <ul> 
+        <li><a href="/reflected_xss?foobar=Hello%20world!">Reflected XSS Example 1</a></li>
+        <li><a href="/reflected_xss_2?foo=bar">Reflected XSS Example 2</a></li>
+        <li><a href="/reflected_xss_3?foo=bar">Reflected XSS Example 3</a></li>
+        <li><a href="/stored_xss">Stored XSS Example</a></li>
+        <li><a href="/csrf">CSRF Example</a></li>
+        <li><a href="/fuzzing/fuzz.html">Fuzzing</a></li>
+        <li><a href="/auth_bypass">Authentication Bypass</a></li>
+        <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
+        <li><a href="/private_pages/123/document.html">Insecure Direct Object Reference (IDOR)</a></li>
+        <li><a href="/rce">Injections and remote code execution</a></li>
+        <li><a href="/general?foo=a">Mixed topics</a></li>
+    </ul>
+</div>

From c4d21e40c371271bbc9bb038872999525af0865d Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:43:15 -0300
Subject: [PATCH 08/25] Rename main.html to index.html

---
 main.html => index.html | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename main.html => index.html (100%)

diff --git a/main.html b/index.html
similarity index 100%
rename from main.html
rename to index.html

From 1e6734db852cf3766e8f5a6f3d9d3e2db3a4d234 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:46:34 -0300
Subject: [PATCH 09/25] Create head.html

---
 head.html | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 head.html

diff --git a/head.html b/head.html
new file mode 100644
index 00000000..ca32b5fd
--- /dev/null
+++ b/head.html
@@ -0,0 +1,22 @@
+<title>Archenzio Vulnerable Web App</title>
+<style>
+    @font-face{
+        font-family:'Lato-Lig';
+        src: url('/static/fonts/Lato-Lig.ttf') format('truetype');
+        font-weight:400;
+        font-style:normal
+    }
+
+    @font-face{
+        font-family:'Lato-Reg';
+        src: url('/static/fonts/Lato-Reg.ttf') format('truetype');
+        font-weight:400;
+        font-style:normal
+    }
+
+    body{
+        font-family: "Lato-Reg";
+    }
+</style>
+
+{{{body}}}

From 4775c7465796337969c11dd6c7d7c76b4e7a2059 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:49:39 -0300
Subject: [PATCH 10/25] Create general.html

---
 general.html | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 general.html

diff --git a/general.html b/general.html
new file mode 100644
index 00000000..6e2384b8
--- /dev/null
+++ b/general.html
@@ -0,0 +1,60 @@
+<script src="/static/foobar1.js"></script>
+
+<script>
+    var t = new XMLHttpRequest(); 
+    t.open("POST", "/csrf_protected_form", true);
+    t.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded')
+    t.send("recoveryemail=benbitdiddle@mit.edu&csrf_token=f01f3546db1730f866182c2035511010");
+</script>
+
+Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque hendrerit tempor luctus. Duis commodo velit id odio porta commodo. Ut suscipit, diam vitae aliquam tristique, leo urna interdum arcu, sed imperdiet ante libero id felis. Curabitur velit ante, pellentesque sit amet orci ut, rhoncus sollicitudin nisi. Morbi feugiat lectus eu nisl semper, vel vehicula sem luctus. Quisque semper vestibulum tempor. Vestibulum nec tellus in sapien finibus faucibus id sit amet magna. Nam venenatis at justo et consequat.
+<br><br>
+Fusce tempor tincidunt luctus. Proin porta viverra arcu nec commodo. Duis auctor lacus ac tellus lobortis, id fringilla nisl efficitur. Aenean convallis nulla non purus bibendum condimentum ac iaculis ligula. Quisque non dolor nulla. Nullam id mi lorem. Nullam convallis leo non mollis ultricies.
+<br<br>>
+Praesent vehicula at nisl at faucibus. Nulla mattis, libero quis cursus tempor, neque velit tincidunt risus, et tristique urna dui eget mi. Maecenas non orci id mauris venenatis tristique. Sed quis iaculis tellus. Cras convallis ac orci sit amet elementum. Sed venenatis diam ut quam pretium rutrum. Morbi semper pretium rhoncus. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc accumsan neque non euismod luctus. Vestibulum aliquet vehicula ipsum eget cursus. Nulla a risus vel eros gravida suscipit vitae ornare orci. Donec tincidunt orci ipsum, non tincidunt lacus aliquet ut.
+<br><br>
+
+<center>
+<img src="/static/image1.png" height="75px;">
+</center>
+
+<div class="{{payload}}">
+Sed ut placerat ligula, et feugiat dui. Aenean sapien est, varius et pharetra et, mollis a turpis. Quisque viverra quam a mattis porttitor. Praesent nec commodo massa, in tristique urna. Nullam non elit nec leo congue accumsan vel et massa. Sed vitae lacinia ipsum. Duis sit amet ipsum nec nunc posuere tincidunt id sit amet urna. Etiam molestie mollis erat eget varius. Pellentesque eleifend metus vel tellus suscipit viverra. Nam hendrerit quis orci et convallis. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Duis at neque sed augue fringilla pharetra. Nullam viverra venenatis bibendum. Integer sit amet porttitor dui. Nulla vehicula quis est in maximus. Maecenas in mauris quis erat tincidunt consequat at non metus.
+</div>
+<br><br>
+Nulla dictum nisl sit amet purus commodo, non scelerisque lectus mollis. Phasellus augue felis, pretium at porttitor eget, volutpat in diam. Curabitur at massa eu nibh facilisis rhoncus. Curabitur luctus tincidunt mauris. Donec a nunc eget erat dapibus tempus. Ut feugiat aliquet lorem, ac tempus felis dapibus eget. Sed fringilla metus metus, quis porta lorem scelerisque ac. Nullam aliquet magna vel elit ultrices, aliquam suscipit urna pellentesque. Suspendisse potenti. Quisque aliquam urna erat. Pellentesque eu viverra diam. Nunc elementum velit sit amet rutrum aliquam. Integer vel egestas elit, eget luctus urna. Suspendisse quis nunc quis ipsum elementum {{payload}} posuere.
+<br><br><br>
+Sed vitae dui vulputate, porttitor libero non, lacinia dolor. Morbi semper massa eu vulputate posuere. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Suspendisse blandit lacinia ultrices. Morbi feugiat augue nisl, auctor tristique odio tristique sit amet. Sed mattis commodo lobortis. Nulla molestie, ex in pretium vulputate, enim erat ultrices ligula, eu vehicula massa libero id sapien. Ut ornare, tellus vitae lobortis fermentum, erat massa congue ex, sit amet placerat leo erat ut tellus. Nam consequat magna tellus, vel elementum ex vulputate sed. Morbi gravida, elit et consectetur placerat, lacus arcu tempor purus, vitae consequat ligula diam id justo.
+<br><br>
+Mauris suscipit tellus maximus eros congue, quis consectetur lorem malesuada. Nullam auctor ullamcorper purus. Etiam volutpat est a justo dictum elementum. Ut pulvinar elit convallis, porta quam nec, tempus orci. Aliquam id luctus purus. Praesent consectetur nulla ut lectus consectetur imperdiet. Donec urna libero, tristique quis arcu non, imperdiet ullamcorper dolor. Quisque tempor dui non risus pellentesque, id bibendum erat accumsan. Sed eleifend pretium nulla. Integer iaculis et metus in porttitor. Aenean a neque ultrices, blandit sapien in, posuere risus. Maecenas condimentum mi quis fringilla suscipit. Aliquam dapibus finibus turpis a ullamcorper. {{payload}} Nunc fringilla quam id accumsan tempus. Ut in quam vel lacus finibus maximus.
+<br><br>
+<p>
+<input placeholder="{{payload}}">
+Nulla id luctus turpis. Aenean ac pulvinar erat. In rhoncus sit amet leo et consectetur. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Morbi vehicula venenatis lorem. Pellentesque justo elit, suscipit vel luctus viverra, suscipit quis sapien. Nam lacinia tempor ipsum nec rutrum. Proin et maximus felis, ut consequat libero. Proin eget ornare nunc. Integer at iaculis augue. Phasellus et mauris odio. Morbi a tellus eget nisi dictum semper. Nullam dictum augue non sapien sagittis, eget ullamcorper massa eleifend. Proin quis euismod orci, ut laoreet purus. Nulla iaculis venenatis euismod.
+</p>
+
+<b>
+Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Cras eu dui a arcu sodales facilisis. In nulla libero, lobortis nec ornare ut, condimentum sagittis velit. Donec vulputate sed justo nec gravida. Sed accumsan mi ac turpis dictum, a vulputate lacus tempor. Quisque vestibulum diam ac quam rutrum eleifend. Nam egestas dolor leo, vel placerat sem aliquet eget. Etiam at ultrices augue. Quisque finibus tempus venenatis. Fusce sed odio elit. Donec ac ipsum a ipsum varius ultrices in sed lacus. Aenean quis elementum dolor. Pellentesque nunc leo, tempus ac augue sed, mollis feugiat nisi.
+</b>
+<br><br>
+Nullam mattis arcu sapien, sed mollis urna volutpat eget. Fusce mauris ante, scelerisque quis placerat viverra, convallis eu tortor. In placerat ante massa. Quisque cursus tincidunt accumsan. Sed sed posuere nisl, quis porttitor augue. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Donec sit amet magna ut dui laoreet ullamcorper et ac neque. Donec vel massa sit amet lorem semper ultrices. Morbi tincidunt a velit sed faucibus. Quisque commodo ex sed mattis dignissim. Integer quis mi in tortor volutpat volutpat. Etiam ullamcorper ligula est, et rutrum lorem aliquam in.
+
+Donec leo leo, consequat id purus in, placerat tempor massa. Duis elementum quam ut convallis ullamcorper. Praesent dapibus libero vitae eros fermentum tincidunt. Vivamus rhoncus sapien sit amet convallis placerat. Mauris in convallis eros. In fringilla consectetur tempus. Aliquam malesuada molestie lobortis. Vivamus ut vestibulum felis. Pellentesque id nisi a justo pharetra accumsan vitae placerat lectus. Sed mauris mauris, pulvinar a nulla mattis, tincidunt eleifend nisi. Quisque eget laoreet orci.
+
+<div name='{{{payload}}}'>Ut porta erat non condimentum sodales. Vivamus et ultricies sem. Aenean sit amet fermentum leo, id dapibus ligula. Quisque ultrices vulputate neque, eu semper ipsum dictum eu. Pellentesque sagittis a mi vel sodales. Cras aliquet elit ac turpis venenatis blandit. Donec aliquam fringilla tristique. Cras fermentum dui ac nulla scelerisque, eget commodo sem imperdiet. Sed imperdiet tortor ac lacus fringilla cursus. Aenean leo turpis, sodales nec ligula eget, placerat mattis nunc. Nullam ut sodales risus, nec placerat lacus. Nulla iaculis in nisi facilisis auctor.</div>
+<br><br>
+Duis ut vehicula nunc. Nullam sagittis interdum lectus eu tempus. Duis lacinia facilisis leo. Cras nec orci quis libero maximus accumsan sit amet eu sapien. Maecenas convallis risus non neque ultricies volutpat. Nam lectus nisi, sollicitudin vitae venenatis sed, accumsan vel sem. Maecenas pharetra velit augue, id sollicitudin magna suscipit a. Nunc sollicitudin elit quis nibh egestas commodo. Proin blandit, lorem ac efficitur fringilla, diam ante facilisis nisl, in semper orci odio id quam. Integer viverra eu neque mollis gravida. Nullam congue, magna sed vehicula feugiat, ex massa ultricies eros, a finibus enim nunc et nulla. Maecenas placerat est a justo consequat, at congue orci pellentesque. Praesent gravida cursus risus, et scelerisque augue tempus sed. Pellentesque elementum, justo at luctus posuere, dui orci lacinia ligula, id sollicitudin metus sem quis arcu.
+<br><br>
+<div id="{{payload}}">In massa urna, malesuada eget tristique sed, fringilla nec turpis. Nullam semper orci neque, sed bibendum sem aliquet sed. Integer enim quam, pulvinar in varius vitae, dictum ac enim. Pellentesque accumsan, ante lobortis pharetra lacinia, libero odio gravida neque, id laoreet lectus velit ut est. Sed elementum eros a eros pharetra aliquam eget vitae lectus. Vestibulum in urna augue. Nam rhoncus eleifend mauris quis tincidunt. Integer et diam ligula. Donec congue lacus at egestas placerat. Duis iaculis magna in purus pellentesque tincidunt. Suspendisse pulvinar magna eget laoreet consectetur. Vestibulum quis ornare est. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.</div>
+<br><br>
+Aliquam arcu massa, mollis in felis sit amet, ultricies tristique ipsum. Aliquam scelerisque ornare aliquet. Donec tortor lacus, venenatis viverra nisi quis, sodales tempor odio. Nulla vitae velit aliquam, ornare leo vel, blandit risus. Suspendisse potenti. Nam lacinia elementum nisl in eleifend. Fusce sed porttitor ipsum, non fermentum leo. Aenean nulla magna, maximus in arcu ut, accumsan maximus nisl. Pellentesque eleifend faucibus est a pellentesque. Mauris rutrum volutpat metus vel porttitor. Nulla eleifend libero ac rhoncus pretium. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque venenatis vulputate ex et consectetur. Sed et lectus vel sem lacinia dignissim in vitae sapien.
+<br><br>
+Nunc at sapien nulla. Donec eget suscipit est. Vestibulum mollis lacus libero, sit amet sollicitudin augue posuere at. Donec bibendum est eget aliquam pretium. Ut nec lectus volutpat, suscipit nunc in, luctus nunc. Nulla convallis nulla non erat tempus, non malesuada metus fringilla. Mauris facilisis scelerisque auctor.
+<br><br>
+Phasellus malesuada finibus eros nec ultricies. Quisque ut lorem molestie, interdum ante vitae, varius quam. Suspendisse accumsan, velit non convallis imperdiet, est libero varius neque, id aliquet quam massa sed ex. Etiam dignissim cursus dui eget congue. Nunc elementum elit eget purus euismod tincidunt. Aenean fermentum pulvinar consectetur. Donec laoreet enim porta erat facilisis vulputate. Vestibulum eget metus molestie, consectetur sapien sit amet, sagittis velit. Etiam nec turpis porttitor, faucibus erat sed, eleifend mauris. Pellentesque sed vehicula leo, sed ornare velit. Fusce a nisl egestas purus imperdiet auctor id nec lacus. Etiam nec mi vitae ante sollicitudin rhoncus. Integer finibus, dolor vitae sodales placerat, urna erat tempus metus, a ullamcorper urna odio id lorem. Duis suscipit metus vel elementum finibus. Morbi vel arcu tincidunt, facilisis massa a, ornare risus.
+<br><br>
+Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc imperdiet sapien lacus, a egestas est vulputate ut. Quisque eu metus et enim pharetra commodo. Proin hendrerit congue turpis a feugiat. Sed vitae tellus risus. Nam faucibus mauris non elementum dictum. Duis mollis, magna in porttitor suscipit, purus felis varius risus, eget pellentesque dolor tellus et purus. In mauris tellus, aliquet vel nulla eget, imperdiet commodo felis. Nullam consectetur diam at tempus egestas. Donec ipsum ligula, ultrices nec finibus vitae, ultricies ac neque. Donec a urna at est imperdiet consectetur vitae at lacus. Praesent pretium mollis eros tempor scelerisque. Ut fringilla luctus urna vel ultrices. Donec elementum molestie libero, euismod dictum ligula maximus sit amet. Morbi gravida dignissim ipsum ut tincidunt. Praesent non mattis mauris, nec mattis felis.
+
+Nullam finibus, purus non accumsan sagittis, quam urna lacinia massa, et gravida turpis leo id ipsum. Maecenas dui tortor, commodo nec suscipit ut, efficitur sit amet augue. Mauris gravida feugiat justo non commodo. Quisque in condimentum justo, vitae placerat lorem. Morbi ac lobortis leo. Nam rutrum, sem at semper sollicitudin, orci libero elementum metus, nec imperdiet erat nibh gravida nunc. Pellentesque condimentum porta ante ac porttitor. Phasellus maximus, nisl quis mollis facilisis, dui odio viverra leo, sit amet posuere sapien ligula vitae augue. Aliquam ut egestas purus. Vivamus lacus lorem, hendrerit et eros vitae, vehicula aliquam leo. Nullam rhoncus placerat massa ac semper.
+<br>
+Pellentesque cursus metus tortor, a pulvinar lectus semper eu. Vestibulum vehicula justo ac ipsum iaculis feugiat. Nulla ac tortor vitae eros mattis vulputate id vehicula neque. In vel risus sodales, eleifend ex non, malesuada mauris. Nam tincidunt odio nunc, pellentesque laoreet urna malesuada vel. Sed vitae aliquam tortor. Suspendisse consectetur magna vitae erat blandit eleifend. Etiam massa sapien, vehicula non augue at, ullamcorper laoreet felis. Sed eu eleifend sem. Fusce blandit erat elit, in fermentum quam viverra ac. Duis aliquam dolor euismod elit suscipit lobortis. Ut vel metus blandit, venenatis erat eget, pharetra massa. Vestibulum et consectetur leo.

From 77a47398c511ef2ad00ab57341ab7be1572bae73 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:53:55 -0300
Subject: [PATCH 11/25] Create auth_bypass.html

---
 auth_bypass.html | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 auth_bypass.html

diff --git a/auth_bypass.html b/auth_bypass.html
new file mode 100644
index 00000000..e5a65e3f
--- /dev/null
+++ b/auth_bypass.html
@@ -0,0 +1,7 @@
+<script src="/static/banusers.js"></script>
+
+Authentication bypass can occur in any scenario on a website where content or API routes are not intended to be available to you.
+<br><br>
+For example, if you were an admin you would see a button below that allows you to ban any user! I have completely removed the button from this page, but did I forget to block the API endpoint from normal users?
+<br><br>
+Maybe I should check the network inspector...

From 308d7949e5f48c40295f015ec9aea213bc80f829 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:01:54 -0300
Subject: [PATCH 12/25] Create stored.html

---
 stored.html | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 stored.html

diff --git a/stored.html b/stored.html
new file mode 100644
index 00000000..bd32c857
--- /dev/null
+++ b/stored.html
@@ -0,0 +1,6 @@
+{{{payload}}}
+<br><br>
+<form action="/stored_xss" method="POST">
+    <input name="stored_payload">
+    <input type="submit">
+</form>

From 4b7d5cc7f0379d99c2243152a3e2dcdfb126708d Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:11:23 -0300
Subject: [PATCH 13/25] Create csrf.html

---
 csrf.html | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 csrf.html

diff --git a/csrf.html b/csrf.html
new file mode 100644
index 00000000..32e5143c
--- /dev/null
+++ b/csrf.html
@@ -0,0 +1,16 @@
+This form changes your bank account number! Any payments you receive through this site will be sent to this account number- if an attacker could figure out how to change it, your payments would be sent to them instead.
+
+<br><br>
+
+<form action="/csrf" method="POST">
+    <input name="account_number" placeholder="Change your account #">
+    <input type="submit">
+</form>
+
+<br><br>
+Your current account number is: {{account_number}}
+
+<br><br><br>
+If you're stuck, visit this codepen page. It uses a valid CSRF attack, and will change your account number the moment you load the page:
+<br><br>
+<a href="http://codepen.io/anon/pen/XXgeqP" target="blank">http://codepen.io/anon/pen/XXgeqP</a>

From d451c6f2d7ee2d75c5f9941e7173a0f6c4333481 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:22:38 -0300
Subject: [PATCH 14/25] Update index.html

---
 index.html | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/index.html b/index.html
index e73fbde1..fe7a3c90 100644
--- a/index.html
+++ b/index.html
@@ -20,16 +20,16 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
     </div>
     <br> 
     <ul> 
-        <li><a href="/reflected_xss?foobar=Hello%20world!">Reflected XSS Example 1</a></li>
-        <li><a href="/reflected_xss_2?foo=bar">Reflected XSS Example 2</a></li>
-        <li><a href="/reflected_xss_3?foo=bar">Reflected XSS Example 3</a></li>
-        <li><a href="/stored_xss">Stored XSS Example</a></li>
-        <li><a href="/csrf">CSRF Example</a></li>
-        <li><a href="/fuzzing/fuzz.html">Fuzzing</a></li>
-        <li><a href="/auth_bypass">Authentication Bypass</a></li>
+        <li><a href="/views/reflected_xss?foobar=Hello%20world!">Reflected XSS Example 1</a></li>
+        <li><a href="/views/reflected_xss_2?foo=bar">Reflected XSS Example 2</a></li>
+        <li><a href="/views/reflected_xss_3?foo=bar">Reflected XSS Example 3</a></li>
+        <li><a href="/views/stored_xss">Stored XSS Example</a></li>
+        <li><a href="/views/csrf">CSRF Example</a></li>
+        <li><a href="/views/fuzz.html">Fuzzing</a></li>
+        <li><a href="/views/auth_bypass">Authentication Bypass</a></li>
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
         <li><a href="/private_pages/123/document.html">Insecure Direct Object Reference (IDOR)</a></li>
         <li><a href="/rce">Injections and remote code execution</a></li>
-        <li><a href="/general?foo=a">Mixed topics</a></li>
+        <li><a href="/views/general?foo=a">Mixed topics</a></li>
     </ul>
 </div>

From 96815098ad446cd0a35e3864a4c6d1a9b4e5b69a Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:29:18 -0300
Subject: [PATCH 15/25] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index fe7a3c90..b2d75fc9 100644
--- a/index.html
+++ b/index.html
@@ -30,6 +30,6 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
         <li><a href="/private_pages/123/document.html">Insecure Direct Object Reference (IDOR)</a></li>
         <li><a href="/rce">Injections and remote code execution</a></li>
-        <li><a href="/views/general?foo=a">Mixed topics</a></li>
+        <li><a href="/views/general.html?foo=a">Mixed topics</a></li>
     </ul>
 </div>

From 7490546fac6d9fbbea08b241c756ccc4b057e8b7 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:35:52 -0300
Subject: [PATCH 16/25] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index b2d75fc9..dc7e24cb 100644
--- a/index.html
+++ b/index.html
@@ -29,7 +29,7 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
         <li><a href="/views/auth_bypass">Authentication Bypass</a></li>
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
         <li><a href="/private_pages/123/document.html">Insecure Direct Object Reference (IDOR)</a></li>
-        <li><a href="/rce">Injections and remote code execution</a></li>
+        <li><a href="/views/rce.html">Injections and remote code execution</a></li>
         <li><a href="/views/general.html?foo=a">Mixed topics</a></li>
     </ul>
 </div>

From 871da9fd39f48768a5edf3f8e2434ec03e7b2432 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:40:51 -0300
Subject: [PATCH 17/25] Update index.html

---
 index.html | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/index.html b/index.html
index dc7e24cb..dfe16123 100644
--- a/index.html
+++ b/index.html
@@ -20,13 +20,13 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
     </div>
     <br> 
     <ul> 
-        <li><a href="/views/reflected_xss?foobar=Hello%20world!">Reflected XSS Example 1</a></li>
-        <li><a href="/views/reflected_xss_2?foo=bar">Reflected XSS Example 2</a></li>
-        <li><a href="/views/reflected_xss_3?foo=bar">Reflected XSS Example 3</a></li>
-        <li><a href="/views/stored_xss">Stored XSS Example</a></li>
-        <li><a href="/views/csrf">CSRF Example</a></li>
+        <li><a href="/views/reflected.html?foobar=Hello%20world!">Reflected XSS Example 1</a></li>
+        <li><a href="/views/reflected1.html?foo=bar">Reflected XSS Example 2</a></li>
+        <li><a href="/views/reflected2.html?foo=bar">Reflected XSS Example 3</a></li>
+        <li><a href="/views/stored.html">Stored XSS Example</a></li>
+        <li><a href="/views/csrf.html">CSRF Example</a></li>
         <li><a href="/views/fuzz.html">Fuzzing</a></li>
-        <li><a href="/views/auth_bypass">Authentication Bypass</a></li>
+        <li><a href="/views/auth_bypass.html">Authentication Bypass</a></li>
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
         <li><a href="/private_pages/123/document.html">Insecure Direct Object Reference (IDOR)</a></li>
         <li><a href="/views/rce.html">Injections and remote code execution</a></li>

From c95d079efa6f977f6c8e9566f24e3548e9860ece Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:43:36 -0300
Subject: [PATCH 18/25] Delete auth_bypass.html

---
 auth_bypass.html | 7 -------
 1 file changed, 7 deletions(-)
 delete mode 100644 auth_bypass.html

diff --git a/auth_bypass.html b/auth_bypass.html
deleted file mode 100644
index e5a65e3f..00000000
--- a/auth_bypass.html
+++ /dev/null
@@ -1,7 +0,0 @@
-<script src="/static/banusers.js"></script>
-
-Authentication bypass can occur in any scenario on a website where content or API routes are not intended to be available to you.
-<br><br>
-For example, if you were an admin you would see a button below that allows you to ban any user! I have completely removed the button from this page, but did I forget to block the API endpoint from normal users?
-<br><br>
-Maybe I should check the network inspector...

From 7cd12c1d07a9be1c4a14c39a70ea68d0aaeba4b5 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:43:56 -0300
Subject: [PATCH 19/25] Delete stored.html

---
 stored.html | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 stored.html

diff --git a/stored.html b/stored.html
deleted file mode 100644
index bd32c857..00000000
--- a/stored.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{{{payload}}}
-<br><br>
-<form action="/stored_xss" method="POST">
-    <input name="stored_payload">
-    <input type="submit">
-</form>

From a3c2cdd1b68c4ffe5df77d620893c2665149e572 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:44:12 -0300
Subject: [PATCH 20/25] Delete csrf.html

---
 csrf.html | 16 ----------------
 1 file changed, 16 deletions(-)
 delete mode 100644 csrf.html

diff --git a/csrf.html b/csrf.html
deleted file mode 100644
index 32e5143c..00000000
--- a/csrf.html
+++ /dev/null
@@ -1,16 +0,0 @@
-This form changes your bank account number! Any payments you receive through this site will be sent to this account number- if an attacker could figure out how to change it, your payments would be sent to them instead.
-
-<br><br>
-
-<form action="/csrf" method="POST">
-    <input name="account_number" placeholder="Change your account #">
-    <input type="submit">
-</form>
-
-<br><br>
-Your current account number is: {{account_number}}
-
-<br><br><br>
-If you're stuck, visit this codepen page. It uses a valid CSRF attack, and will change your account number the moment you load the page:
-<br><br>
-<a href="http://codepen.io/anon/pen/XXgeqP" target="blank">http://codepen.io/anon/pen/XXgeqP</a>

From 788bb4e527a1ff1cf9338e314d364e038e4424cf Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:59:59 -0300
Subject: [PATCH 21/25] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index dfe16123..eed7153f 100644
--- a/index.html
+++ b/index.html
@@ -28,7 +28,7 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
         <li><a href="/views/fuzz.html">Fuzzing</a></li>
         <li><a href="/views/auth_bypass.html">Authentication Bypass</a></li>
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
-        <li><a href="/private_pages/123/document.html">Insecure Direct Object Reference (IDOR)</a></li>
+        <li><a href="/views/indor_bad.html">Insecure Direct Object Reference (IDOR)</a></li>
         <li><a href="/views/rce.html">Injections and remote code execution</a></li>
         <li><a href="/views/general.html?foo=a">Mixed topics</a></li>
     </ul>

From 611dd7bde0a6b78ccc45eae5dc666c867ad8d241 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 22:04:00 -0300
Subject: [PATCH 22/25] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index eed7153f..d00cc88a 100644
--- a/index.html
+++ b/index.html
@@ -28,7 +28,7 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
         <li><a href="/views/fuzz.html">Fuzzing</a></li>
         <li><a href="/views/auth_bypass.html">Authentication Bypass</a></li>
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
-        <li><a href="/views/indor_bad.html">Insecure Direct Object Reference (IDOR)</a></li>
+        <li><a href="/views/indor.html">Insecure Direct Object Reference (IDOR)</a></li>
         <li><a href="/views/rce.html">Injections and remote code execution</a></li>
         <li><a href="/views/general.html?foo=a">Mixed topics</a></li>
     </ul>

From e6abb281a8638b78dc8c539ce23776252adf66b8 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 22:13:45 -0300
Subject: [PATCH 23/25] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index d00cc88a..2b152e47 100644
--- a/index.html
+++ b/index.html
@@ -28,7 +28,7 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
         <li><a href="/views/fuzz.html">Fuzzing</a></li>
         <li><a href="/views/auth_bypass.html">Authentication Bypass</a></li>
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
-        <li><a href="/views/indor.html">Insecure Direct Object Reference (IDOR)</a></li>
+        <li><a href="/views/private_pages/123/document.html">Insecure Direct Object Reference (IDOR)</a></li>
         <li><a href="/views/rce.html">Injections and remote code execution</a></li>
         <li><a href="/views/general.html?foo=a">Mixed topics</a></li>
     </ul>

From 28b7d308be2829bc99cd93e380d775d6c808cf99 Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 22:17:34 -0300
Subject: [PATCH 24/25] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 2b152e47..e76859c6 100644
--- a/index.html
+++ b/index.html
@@ -28,7 +28,7 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
         <li><a href="/views/fuzz.html">Fuzzing</a></li>
         <li><a href="/views/auth_bypass.html">Authentication Bypass</a></li>
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
-        <li><a href="/views/private_pages/123/document.html">Insecure Direct Object Reference (IDOR)</a></li>
+        <li><a href="/views/private_pages/123/idor.html">Insecure Direct Object Reference (IDOR)</a></li>
         <li><a href="/views/rce.html">Injections and remote code execution</a></li>
         <li><a href="/views/general.html?foo=a">Mixed topics</a></li>
     </ul>

From f94a548d3c44e69c123179d3c3c9bc5f7414ba4c Mon Sep 17 00:00:00 2001
From: Rodox78 <150645623+Rodox78@users.noreply.github.com>
Date: Sun, 10 Dec 2023 22:19:17 -0300
Subject: [PATCH 25/25] Update index.html

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index e76859c6..da72663f 100644
--- a/index.html
+++ b/index.html
@@ -28,7 +28,7 @@ <h3>Cada Link contiene vulnerabilidades intencionalmente. Juega con cada uno par
         <li><a href="/views/fuzz.html">Fuzzing</a></li>
         <li><a href="/views/auth_bypass.html">Authentication Bypass</a></li>
         <li><a href="/views/directory_traversal.html">Directory Traversal</a></li>
-        <li><a href="/views/private_pages/123/idor.html">Insecure Direct Object Reference (IDOR)</a></li>
+        <li><a href="/views/idor.html">Insecure Direct Object Reference (IDOR)</a></li>
         <li><a href="/views/rce.html">Injections and remote code execution</a></li>
         <li><a href="/views/general.html?foo=a">Mixed topics</a></li>
     </ul>