Spaces:
Sleeping
Sleeping
| spec_version: 1 | |
| name: bug_hunter_env | |
| type: space | |
| runtime: fastapi | |
| app: server.app:app | |
| port: 8000 | |
| tasks: | |
| - id: idor | |
| name: "IDOR Discovery" | |
| description: "Find the hidden admin user profile by exploiting an Insecure Direct Object Reference" | |
| difficulty: easy | |
| max_steps: 10 | |
| - id: sqli | |
| name: "SQL Injection" | |
| description: "Bypass the login form authentication using SQL injection" | |
| difficulty: medium | |
| max_steps: 15 | |
| - id: path_traversal | |
| name: "Path Traversal" | |
| description: "Gain admin access via SQL injection, then bypass the WAF to read sensitive server files" | |
| difficulty: hard | |
| max_steps: 20 | |