ratnews.thexssrat.com is an intentionally vulnerable web application built by The XSS Rat as a safe, legal environment for practising offensive security techniques. You have explicit permission to attack this application. Do not use what you learn here against systems you do not own.

Real bug bounty hunters and penetration testers need live targets to sharpen their skills. This lab mirrors a realistic content-delivery stack — a FastAPI app with a database, user accounts, an admin API, and RSS aggregation — so you can practise against something that behaves like a real application, document your findings, and build a repeatable methodology without any legal risk.

next parameter handling after login

These programs are curated for ethical hackers who thrive on high-signal findings. Review the scope, align with your lab discoveries, and always follow each platform's disclosure policy.

FastAPI Cloud
HackerOne • Updated 2024-05-18
Prototype pollution in async workers and GraphQL stitching flaws.
Scope: api.fastapicloud.com, *.fastapicloud.com

Bugcrowd • Updated 2024-05-22
Dependency confusion, pipeline breakout, and artifact poisoning.
Scope: *.scm.dev, api.scm.dev

Intigriti • Updated 2024-05-17
OAuth misconfigurations, storage isolation, and advanced XSS chains.
Scope: app.securenotes.io, api.securenotes.io

YesWeHack • Updated 2024-05-20
Collector escapes, tenant isolation bugs, and SSRF via exporters.
Scope: *.otelhub.dev