The Fusion Vault
Break through the layers of security to access the vault's core!
Stage 1: The IDOR Lock
You have been authenticated as a user. Your user ID is user-101. Find a way to view the admin's page.
Stage 2: Reflected XSS
Welcome, Admin! Your session token is displayed below. The system is scanning your search query. Find a way to steal the token.
Hello, Admin! Your search results for:
Stage 3: The Timing Lock
The password is checked one character at a time, taking a small amount of time for each correct one. Use a timing attack to find it.
Stage 4: The Final Lock
The final vault key is a variable hidden in the source. You'll need to inject code that passes the scanner's filter.
Your search result:
🎉 Vault Unlocked!
You have successfully found all four keys. The vault is open!
Final Passcode: