🔬 ATLAS SECURITY LAB

Lab Vulnerabilities

Stored XSS
Comment field renders input via innerHTML — try <img src=x onerror=alert(document.cookie)>
IDOR on Profiles
GET /api/users/[ID] — change ID to access any profile
Username Enumeration
Error messages reveal whether a username exists
CSRF on Follow
POST /follow?uid=X — no CSRF token required
OAuth Redirect Flaw
redirect_uri not validated — token leak possible
🌸
sara_ah
πŸ–οΈ
travel_k
🌴
nature_s
πŸ”₯
hot_pics
😊
atlas_hacker 2h
🌸
sara_ahmed 4h

Get the app.

🔬 LAB ACCOUNTS
atlas_hacker / lab123
victim_user1 / password1
admin_ig / admin2024
Any input works — local session only