Root-Me/XSS DOM Based - Introduction·35ptsXSS DOM Based - Introduction — Root-MeWeb client notes for XSS DOM Based - Introduction: XSS variants, CSP bypass narratives, and chaining a UI flaw with an API call the server should have rejected..Webinsane#web#root-me#insaneMay 26, 2026
Root-Me/CSRF 0 protection·35ptsCSRF 0 protection — Root-MeClient-side web challenge CSRF 0 protection.Webinsane#web#root-me#insaneMay 26, 2026
Root-Me/CSP Bypass - Inline code·35ptsCSP Bypass - Inline code — Root-MeFor CSP Bypass - Inline code, the attack surface lives in front-end validation.Webinsane#web#root-me#insaneMay 26, 2026
Root-Me/AST - Deobfuscation·35ptsAST - Deobfuscation — Root-MeClient-side web challenge AST - Deobfuscation.Webinsane#web#root-me#insaneMay 26, 2026
Root-Me/XSS - Stored 1·30ptsXSS - Stored 1 — Root-MeWeb client notes for XSS - Stored 1: XSS variants, CSP bypass narratives, and chaining a UI flaw with an API call the server should have rejected..Webhard#web#root-me#hardMay 26, 2026
Root-Me/Javascript - Obfuscation 3·30ptsJavascript - Obfuscation 3 — Root-MeClient-side web challenge Javascript - Obfuscation 3.Webhard#web#root-me#hardMay 26, 2026
Root-Me/Javascript - Webpack·15ptsJavascript - Webpack — Root-MeFor Javascript - Webpack, the attack surface lives in front-end validation.Webmedium#web#root-me#mediumMay 26, 2026
Root-Me/Javascript - Obfuscation 1·10ptsJavascript - Obfuscation 1 — Root-MeFor Javascript - Obfuscation 1, the attack surface lives in front-end validation.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Authentication 2·10ptsJavascript - Authentication 2 — Root-MeClient-side web challenge Javascript - Authentication 2.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Source·5ptsJavascript - Source — Root-MeClient-side web challenge Javascript - Source.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Authentication·5ptsJavascript - Authentication — Root-MeClient-side web challenge Javascript - Authentication.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/HTML - disabled buttons·5ptsHTML - disabled buttons — Root-MeClient-side web challenge HTML - disabled buttons.Webeasy#web#root-me#easyMay 26, 2026