{"status":"success","data":[{"id":1,"key":"passwordHashLeakChallenge","name":"Password Hash Leak","category":"Sensitive Data Exposure","tags":null,"description":"Obtain the password (hash) of the currently logged-in user directly from a REST API endpoint.","difficulty":2,"mitigationUrl":"https://owasp.org/API-Security/editions/2019/en/0xa3-excessive-data-exposure","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.086Z","updatedAt":"2026-03-13T16:14:26.086Z","ChallengeDependencies":[]},{"id":2,"key":"restfulXssChallenge","name":"API-only XSS","category":"XSS","tags":"Danger Zone,With Coding Challenge","description":"Perform a <i>persisted</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> without using the frontend application at all. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.086Z","updatedAt":"2026-03-13T16:14:26.086Z","ChallengeDependencies":[]},{"id":3,"key":"accessLogDisclosureChallenge","name":"Access Log","category":"Observability Failures","tags":"With Coding Challenge","description":"Gain access to any access log file of the server.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.087Z","updatedAt":"2026-03-13T16:14:26.087Z","ChallengeDependencies":[]},{"id":4,"key":"registerAdminChallenge","name":"Admin Registration","category":"Improper Input Validation","tags":"With Coding Challenge","description":"Register as a user with administrator privileges.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":2,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.087Z","updatedAt":"2026-03-13T16:14:33.537Z","ChallengeDependencies":[]},{"id":5,"key":"adminSectionChallenge","name":"Admin Section","category":"Broken Access Control","tags":"Good for Demos,With Coding Challenge","description":"Access the administration section of the store.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":8,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.087Z","updatedAt":"2026-03-13T16:14:33.520Z","ChallengeDependencies":[]},{"id":6,"key":"fileWriteChallenge","name":"Arbitrary File Write","category":"Vulnerable Components","tags":"Danger Zone,Prerequisite","description":"Overwrite the <a href=\"/ftp/legal.md\">Legal Information</a> file. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.087Z","updatedAt":"2026-03-13T16:14:26.087Z","ChallengeDependencies":[]},{"id":7,"key":"resetPasswordBjoernOwaspChallenge","name":"Bjoern's Favorite Pet","category":"Broken Authentication","tags":"OSINT,With Coding Challenge","description":"Reset the password of Bjoern's OWASP account via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.087Z","updatedAt":"2026-03-13T16:14:26.087Z","ChallengeDependencies":[]},{"id":8,"key":"tokenSaleChallenge","name":"Blockchain Hype","category":"Security through Obscurity","tags":"Contraption,Code Analysis,Web3,With Coding Challenge","description":"Learn about the Token Sale before its official announcement.","difficulty":5,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.087Z","updatedAt":"2026-03-13T16:14:26.087Z","ChallengeDependencies":[]},{"id":9,"key":"nftUnlockChallenge","name":"NFT Takeover","category":"Sensitive Data Exposure","tags":"Contraption,Good for Demos,Web3,With Coding Challenge","description":"Take over the wallet containing our official Soul Bound Token (NFT).","difficulty":2,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.088Z","updatedAt":"2026-03-13T16:14:26.088Z","ChallengeDependencies":[]},{"id":10,"key":"nftMintChallenge","name":"Mint the Honey Pot","category":"Improper Input Validation","tags":"Web3,With Coding Challenge,Requires Alchemy API Key,Requires Alchemy API","description":"Mint the Honey Pot NFT by gathering BEEs from the bee haven.","difficulty":3,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.088Z","updatedAt":"2026-03-13T16:14:26.088Z","ChallengeDependencies":[{"ChallengeId":10,"id":2,"name":"Alchemy API","documentation":"https://howto-web3.owasp-juice.shop","key":"https://www.alchemy.com/","missing":false,"createdAt":"2026-03-13T16:14:26.220Z","updatedAt":"2026-03-13T16:14:26.220Z"},{"ChallengeId":10,"id":1,"name":"Alchemy API Key","documentation":"https://howto-web3.owasp-juice.shop","key":"ALCHEMY_API_KEY","missing":true,"createdAt":"2026-03-13T16:14:26.220Z","updatedAt":"2026-03-13T16:14:26.220Z"}]},{"id":11,"key":"web3WalletChallenge","name":"Wallet Depletion","category":"Miscellaneous","tags":"Web3,With Coding Challenge,Requires Alchemy API Key,Requires Alchemy API","description":"Withdraw more ETH from the new wallet than you deposited.","difficulty":6,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.088Z","updatedAt":"2026-03-13T16:14:26.088Z","ChallengeDependencies":[{"ChallengeId":11,"id":4,"name":"Alchemy API","documentation":"https://howto-web3.owasp-juice.shop","key":"https://www.alchemy.com/","missing":false,"createdAt":"2026-03-13T16:14:26.228Z","updatedAt":"2026-03-13T16:14:26.228Z"},{"ChallengeId":11,"id":3,"name":"Alchemy API Key","documentation":"https://howto-web3.owasp-juice.shop","key":"ALCHEMY_API_KEY","missing":true,"createdAt":"2026-03-13T16:14:26.228Z","updatedAt":"2026-03-13T16:14:26.228Z"}]},{"id":12,"key":"web3SandboxChallenge","name":"Web3 Sandbox","category":"Broken Access Control","tags":"Web3,With Coding Challenge","description":"Find an accidentally deployed code sandbox for writing smart contracts on the fly.","difficulty":1,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.088Z","updatedAt":"2026-03-13T16:14:26.088Z","ChallengeDependencies":[]},{"id":13,"key":"rceChallenge","name":"Blocked RCE DoS","category":"Insecure Deserialization","tags":"Danger Zone","description":"Perform a Remote Code Execution that would keep a less hardened application busy <em>forever</em>. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.088Z","updatedAt":"2026-03-13T16:14:26.088Z","ChallengeDependencies":[]},{"id":14,"key":"captchaBypassChallenge","name":"CAPTCHA Bypass","category":"Broken Anti Automation","tags":"Brute Force","description":"Submit 10 or more customer feedbacks within 20 seconds.","difficulty":3,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.088Z","updatedAt":"2026-03-13T16:14:26.088Z","ChallengeDependencies":[]},{"id":15,"key":"changePasswordBenderChallenge","name":"Change Bender's Password","category":"Broken Authentication","tags":null,"description":"Change Bender's password into <i>slurmCl4ssic</i> without using SQL Injection or Forgot Password.","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.088Z","updatedAt":"2026-03-13T16:14:26.088Z","ChallengeDependencies":[]},{"id":16,"key":"christmasSpecialChallenge","name":"Christmas Special","category":"Injection","tags":null,"description":"Order the Christmas special offer of 2014.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:26.089Z","ChallengeDependencies":[]},{"id":17,"key":"usernameXssChallenge","name":"CSP Bypass","category":"XSS","tags":"Danger Zone","description":"Bypass the Content Security Policy and perform an XSS attack with <code>&lt;script&gt;alert(`xss`)&lt;/script&gt;</code> on a legacy page within the application. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:26.089Z","ChallengeDependencies":[]},{"id":18,"key":"persistedXssUserChallenge","name":"Client-side XSS Protection","category":"XSS","tags":"Danger Zone","description":"Perform a <i>persisted</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> bypassing a <i>client-side</i> security mechanism. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:26.089Z","ChallengeDependencies":[]},{"id":19,"key":"directoryListingChallenge","name":"Confidential Document","category":"Sensitive Data Exposure","tags":"Good for Demos,With Coding Challenge","description":"Access a confidential document.","difficulty":1,"mitigationUrl":null,"solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:33.520Z","ChallengeDependencies":[]},{"id":20,"key":"localXssChallenge","name":"DOM XSS","category":"XSS","tags":"Tutorial,Good for Demos,With Coding Challenge","description":"Perform a <i>DOM</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code>.","difficulty":1,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":2,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:26.089Z","ChallengeDependencies":[]},{"id":21,"key":"dbSchemaChallenge","name":"Database Schema","category":"Injection","tags":"With Coding Challenge","description":"Exfiltrate the entire DB schema definition via SQL Injection.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:26.089Z","ChallengeDependencies":[]},{"id":22,"key":"deprecatedInterfaceChallenge","name":"Deprecated Interface","category":"Security Misconfiguration","tags":"Contraption,Prerequisite","description":"Use a deprecated B2B interface that was not properly shut down.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:26.089Z","ChallengeDependencies":[]},{"id":23,"key":"easterEggLevelOneChallenge","name":"Easter Egg","category":"Broken Access Control","tags":"Shenanigans,Contraption,Good for Demos","description":"Find the hidden <a href=\"https://en.wikipedia.org/wiki/Easter_egg_(media)\" target=\"_blank\">easter egg</a>.","difficulty":4,"mitigationUrl":null,"solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":24,"key":"emailLeakChallenge","name":"Email Leak","category":"Sensitive Data Exposure","tags":null,"description":"Perform an unwanted information disclosure by accessing data cross-domain.","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/XS_Leaks_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.089Z","updatedAt":"2026-03-13T16:14:26.089Z","ChallengeDependencies":[]},{"id":25,"key":"emptyUserRegistration","name":"Empty User Registration","category":"Improper Input Validation","tags":null,"description":"Register a user with an empty email and password.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:26.090Z","ChallengeDependencies":[]},{"id":26,"key":"ephemeralAccountantChallenge","name":"Ephemeral Accountant","category":"Injection","tags":null,"description":"Log in with the (non-existing) accountant <i>acc0unt4nt@juice-sh.op</i> without ever registering that user.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:26.090Z","ChallengeDependencies":[]},{"id":27,"key":"errorHandlingChallenge","name":"Error Handling","category":"Security Misconfiguration","tags":"Prerequisite","description":"Provoke an error that is neither very gracefully nor consistently handled.","difficulty":1,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":28,"key":"manipulateClockChallenge","name":"Expired Coupon","category":"Improper Input Validation","tags":null,"description":"Successfully redeem an expired campaign coupon code.","difficulty":4,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:26.090Z","ChallengeDependencies":[]},{"id":29,"key":"extraLanguageChallenge","name":"Extra Language","category":"Broken Anti Automation","tags":"Brute Force","description":"First you should find out how the languages are technically changed in the user interface.","difficulty":5,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:26.090Z","ChallengeDependencies":[]},{"id":30,"key":"feedbackChallenge","name":"Five-Star Feedback","category":"Broken Access Control","tags":null,"description":"Get rid of all 5-star customer feedback.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:26.090Z","ChallengeDependencies":[]},{"id":31,"key":"forgedCouponChallenge","name":"Forged Coupon","category":"Cryptographic Issues","tags":"Good for Demos,Code Analysis","description":"Forge a coupon code that gives you a discount of at least 80%.","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:26.090Z","ChallengeDependencies":[]},{"id":32,"key":"forgedFeedbackChallenge","name":"Forged Feedback","category":"Broken Access Control","tags":"Tutorial","description":"Post some feedback in another user's name.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":11,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:26.090Z","ChallengeDependencies":[]},{"id":33,"key":"forgedReviewChallenge","name":"Forged Review","category":"Broken Access Control","tags":"With Coding Challenge","description":"Post a product review as another user or edit any user's existing review.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.090Z","updatedAt":"2026-03-13T16:14:26.090Z","ChallengeDependencies":[]},{"id":34,"key":"jwtForgedChallenge","name":"Forged Signed JWT","category":"Vulnerable Components","tags":null,"description":"Forge an almost properly RSA-signed JWT token that impersonates the (non-existing) user <i>rsa_lord@juice-sh.op</i>.","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:26.091Z","ChallengeDependencies":[]},{"id":35,"key":"forgottenDevBackupChallenge","name":"Forgotten Developer Backup","category":"Sensitive Data Exposure","tags":"Contraption,Good for Demos,Prerequisite","description":"Access a developer's forgotten backup file.","difficulty":4,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:26.091Z","ChallengeDependencies":[]},{"id":36,"key":"forgottenBackupChallenge","name":"Forgotten Sales Backup","category":"Sensitive Data Exposure","tags":"Contraption","description":"Access a salesman's forgotten backup file.","difficulty":4,"mitigationUrl":null,"solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":37,"key":"typosquattingAngularChallenge","name":"Frontend Typosquatting","category":"Vulnerable Components","tags":null,"description":"<a href=\"/#/contact\">Inform the shop</a> about a <i>typosquatting</i> imposter that dug itself deep into the frontend. (Mention the exact name of the culprit)","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:26.091Z","ChallengeDependencies":[]},{"id":38,"key":"ghostLoginChallenge","name":"GDPR Data Erasure","category":"Broken Authentication","tags":null,"description":"Log in with Chris' erased user account.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/User_Privacy_Protection_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:26.091Z","ChallengeDependencies":[]},{"id":39,"key":"dataExportChallenge","name":"GDPR Data Theft","category":"Sensitive Data Exposure","tags":null,"description":"Steal someone else's personal data without using Injection.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/User_Privacy_Protection_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:26.091Z","ChallengeDependencies":[]},{"id":40,"key":"httpHeaderXssChallenge","name":"HTTP-Header XSS","category":"XSS","tags":"Danger Zone","description":"Perform a <i>persisted</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> through an HTTP header. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:26.091Z","ChallengeDependencies":[]},{"id":41,"key":"continueCodeChallenge","name":"Imaginary Challenge","category":"Cryptographic Issues","tags":"Shenanigans,Code Analysis","description":"Solve challenge #999. Unfortunately, this challenge does not exist.","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:26.091Z","ChallengeDependencies":[]},{"id":42,"key":"dlpPasswordSprayingChallenge","name":"Leaked Access Logs","category":"Observability Failures","tags":"OSINT","description":"Dumpster dive the Internet for a leaked password and log in to the original user account it belongs to. (Creating a new account with the same password does not qualify as a solution.)","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.091Z","updatedAt":"2026-03-13T16:14:26.091Z","ChallengeDependencies":[]},{"id":43,"key":"dlpPastebinDataLeakChallenge","name":"Leaked Unsafe Product","category":"Sensitive Data Exposure","tags":"Shenanigans,OSINT","description":"Identify an unsafe product that was removed from the shop and <a href=\"/#/contact\">inform the shop</a> which ingredients are dangerous.","difficulty":4,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.092Z","updatedAt":"2026-03-13T16:14:26.092Z","ChallengeDependencies":[]},{"id":44,"key":"typosquattingNpmChallenge","name":"Legacy Typosquatting","category":"Vulnerable Components","tags":null,"description":"<a href=\"/#/contact\">Inform the shop</a> about a <i>typosquatting</i> trick it has been a victim of at least in <code>v6.2.0-SNAPSHOT</code>. (Mention the exact name of the culprit)","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.092Z","updatedAt":"2026-03-13T16:14:26.092Z","ChallengeDependencies":[]},{"id":45,"key":"loginAdminChallenge","name":"Login Admin","category":"Injection","tags":"Tutorial,Good for Demos,With Coding Challenge","description":"Log in with the administrator's user account.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":7,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.092Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":46,"key":"loginAmyChallenge","name":"Login Amy","category":"Sensitive Data Exposure","tags":"OSINT","description":"Log in with Amy's original user credentials. (This could take 93.83 billion trillion trillion centuries to brute force, but luckily she did not read the \"One Important Final Note\")","difficulty":3,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.092Z","updatedAt":"2026-03-13T16:14:26.092Z","ChallengeDependencies":[]},{"id":47,"key":"loginBenderChallenge","name":"Login Bender","category":"Injection","tags":"Tutorial,With Coding Challenge","description":"Log in with Bender's user account.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":13,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.092Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":48,"key":"oauthUserPasswordChallenge","name":"Login Bjoern","category":"Broken Authentication","tags":"Code Analysis","description":"Log in with Bjoern's Gmail account <i>without</i> previously changing his password, applying SQL Injection, or hacking his Google account.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.092Z","updatedAt":"2026-03-13T16:14:26.092Z","ChallengeDependencies":[]},{"id":49,"key":"loginJimChallenge","name":"Login Jim","category":"Injection","tags":"Tutorial,With Coding Challenge","description":"Log in with Jim's user account.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":12,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.092Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":50,"key":"loginRapperChallenge","name":"Login MC SafeSearch","category":"Sensitive Data Exposure","tags":"Shenanigans,OSINT","description":"Log in with MC SafeSearch's original user credentials without applying SQL Injection or any other bypass.","difficulty":2,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.092Z","updatedAt":"2026-03-13T16:14:26.092Z","ChallengeDependencies":[]},{"id":51,"key":"loginSupportChallenge","name":"Login Support Team","category":"Security Misconfiguration","tags":"Brute Force,Code Analysis","description":"Log in with the support team's original user credentials without applying SQL Injection or any other bypass.","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":52,"key":"basketManipulateChallenge","name":"Manipulate Basket","category":"Broken Access Control","tags":null,"description":"Put an additional product into another user's shopping basket.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":53,"key":"misplacedSignatureFileChallenge","name":"Misplaced Signature File","category":"Observability Failures","tags":"Good Practice,Contraption","description":"Access a misplaced <a href=\"https://github.com/Neo23x0/sigma\">SIEM signature</a> file.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":54,"key":"timingAttackChallenge","name":"Multiple Likes","category":"Broken Anti Automation","tags":null,"description":"Like any review at least three times as the same user.","difficulty":6,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":55,"key":"easterEggLevelTwoChallenge","name":"Nested Easter Egg","category":"Cryptographic Issues","tags":"Shenanigans,Good for Demos","description":"Apply some advanced cryptanalysis to find <i>the real</i> easter egg.","difficulty":4,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":56,"key":"noSqlCommandChallenge","name":"NoSQL DoS","category":"Injection","tags":"Danger Zone","description":"Let the server sleep for some time. (It has done more than enough hard work for you) <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":57,"key":"noSqlOrdersChallenge","name":"NoSQL Exfiltration","category":"Injection","tags":"Danger Zone","description":"All your orders are belong to us! Even the ones which don't. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":58,"key":"noSqlReviewsChallenge","name":"NoSQL Manipulation","category":"Injection","tags":"With Coding Challenge","description":"Update multiple product reviews at the same time.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":59,"key":"redirectCryptoCurrencyChallenge","name":"Outdated Allowlist","category":"Unvalidated Redirects","tags":"Code Analysis,With Coding Challenge","description":"Let us redirect you to one of our crypto currency addresses which are not promoted any longer.","difficulty":1,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":60,"key":"weakPasswordChallenge","name":"Password Strength","category":"Broken Authentication","tags":"Brute Force,Tutorial,With Coding Challenge","description":"Log in with the administrator's user credentials without previously changing them or applying SQL Injection.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":9,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":61,"key":"negativeOrderChallenge","name":"Payback Time","category":"Improper Input Validation","tags":null,"description":"Place an order that makes you rich.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.093Z","updatedAt":"2026-03-13T16:14:26.093Z","ChallengeDependencies":[]},{"id":62,"key":"premiumPaywallChallenge","name":"Premium Paywall","category":"Cryptographic Issues","tags":"Shenanigans","description":"💎💎💎💎💎<!--IvLuRfBJYlmStf9XfL6ckJFngyd9LfV1JaaN/KRTPQPidTuJ7FR+D/nkWJUF+0xUF07CeCeqYfxq+OJVVa0gNbqgYkUNvn//UbE7e95C+6e+7GtdpqJ8mqm4WcPvUGIUxmGLTTAC2+G9UuFCD1DUjg==--> <a href=\"https://blockchain.info/address/1AbKfgvw9psQ41NbLi8kufDQTezwG8DRZm\" target=\"_blank\">₿ Unlock Premium Challenge</a> to access exclusive content.","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:26.094Z","ChallengeDependencies":[]},{"id":63,"key":"privacyPolicyChallenge","name":"Privacy Policy","category":"Miscellaneous","tags":"Good Practice,Tutorial,Good for Demos","description":"Read our privacy policy.","difficulty":1,"mitigationUrl":null,"solved":true,"disabledEnv":null,"tutorialOrder":4,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":64,"key":"privacyPolicyProofChallenge","name":"Privacy Policy Inspection","category":"Security through Obscurity","tags":"Shenanigans,Good for Demos","description":"Prove that you actually read our privacy policy.","difficulty":3,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:26.094Z","ChallengeDependencies":[]},{"id":65,"key":"changeProductChallenge","name":"Product Tampering","category":"Broken Access Control","tags":"With Coding Challenge","description":"Change the <code>href</code> of the link within the <a href=\"/#/search?q=OWASP SSL Advanced Forensic Tool (O-Saft)\">OWASP SSL Advanced Forensic Tool (O-Saft)</a> product description into <i>https://owasp.slack.com</i>.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:26.094Z","ChallengeDependencies":[]},{"id":66,"key":"reflectedXssChallenge","name":"Reflected XSS","category":"XSS","tags":"Tutorial,Danger Zone,Good for Demos","description":"Perform a <i>reflected</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code>. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":5,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:26.094Z","ChallengeDependencies":[]},{"id":67,"key":"passwordRepeatChallenge","name":"Repetitive Registration","category":"Improper Input Validation","tags":null,"description":"Follow the DRY principle while registering a user.","difficulty":1,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":68,"key":"resetPasswordBenderChallenge","name":"Reset Bender's Password","category":"Broken Authentication","tags":"OSINT,With Coding Challenge","description":"Reset Bender's password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:26.094Z","ChallengeDependencies":[]},{"id":69,"key":"resetPasswordBjoernChallenge","name":"Reset Bjoern's Password","category":"Broken Authentication","tags":"OSINT,With Coding Challenge","description":"Reset the password of Bjoern's internal account via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:26.094Z","ChallengeDependencies":[]},{"id":70,"key":"resetPasswordJimChallenge","name":"Reset Jim's Password","category":"Broken Authentication","tags":"OSINT,With Coding Challenge","description":"Reset Jim's password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:26.094Z","ChallengeDependencies":[]},{"id":71,"key":"resetPasswordMortyChallenge","name":"Reset Morty's Password","category":"Broken Anti Automation","tags":"OSINT,Brute Force,With Coding Challenge","description":"Reset Morty's password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>his obfuscated answer</i> to his security question.","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.094Z","updatedAt":"2026-03-13T16:14:26.094Z","ChallengeDependencies":[]},{"id":72,"key":"retrieveBlueprintChallenge","name":"Retrieve Blueprint","category":"Sensitive Data Exposure","tags":null,"description":"Deprive the shop of earnings by downloading the blueprint for one of its products.","difficulty":5,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:26.095Z","ChallengeDependencies":[]},{"id":73,"key":"ssrfChallenge","name":"SSRF","category":"Broken Access Control","tags":"Code Analysis","description":"Request a hidden resource on server through server.","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:26.095Z","ChallengeDependencies":[]},{"id":74,"key":"sstiChallenge","name":"SSTi","category":"Injection","tags":"Contraption,Danger Zone,Code Analysis","description":"Infect the server with juicy malware by abusing arbitrary command execution. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":6,"mitigationUrl":null,"solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:26.095Z","ChallengeDependencies":[]},{"id":75,"key":"scoreBoardChallenge","name":"Score Board","category":"Miscellaneous","tags":"Tutorial,Code Analysis,With Coding Challenge","description":"Find the carefully hidden 'Score Board' page.","difficulty":1,"mitigationUrl":null,"solved":true,"disabledEnv":null,"tutorialOrder":1,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":76,"key":"securityPolicyChallenge","name":"Security Policy","category":"Miscellaneous","tags":"Good Practice","description":"Behave like any \"white-hat\" should before getting into the action.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":77,"key":"persistedXssFeedbackChallenge","name":"Server-side XSS Protection","category":"XSS","tags":"Danger Zone","description":"Perform a <i>persisted</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> bypassing a <i>server-side</i> security mechanism. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:26.095Z","ChallengeDependencies":[]},{"id":78,"key":"hiddenImageChallenge","name":"Steganography","category":"Security through Obscurity","tags":"Shenanigans","description":"<a href=\"/#/contact\">Rat out</a> a notorious character hiding in plain sight in the shop. (Mention the exact name of the character)","difficulty":4,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:26.095Z","ChallengeDependencies":[]},{"id":79,"key":"rceOccupyChallenge","name":"Successful RCE DoS","category":"Insecure Deserialization","tags":"Danger Zone","description":"Perform a Remote Code Execution that occupies the server for a while without using infinite loops. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:26.095Z","ChallengeDependencies":[]},{"id":80,"key":"supplyChainAttackChallenge","name":"Supply Chain Attack","category":"Vulnerable Components","tags":"OSINT","description":"<a href=\"/#/contact\">Inform the development team</a> about a danger to some of <em>their</em> credentials. (Send them the URL of the <em>original report</em> or an assigned CVE or another identifier of this vulnerability)","difficulty":5,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:26.095Z","ChallengeDependencies":[]},{"id":81,"key":"twoFactorAuthUnsafeSecretStorageChallenge","name":"Two Factor Authentication","category":"Broken Authentication","tags":null,"description":"Solve the 2FA challenge for user \"wurstbrot\". (Disabling, bypassing or overwriting his 2FA settings does not count as a solution)","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Multifactor_Authentication_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.095Z","updatedAt":"2026-03-13T16:14:26.095Z","ChallengeDependencies":[]},{"id":82,"key":"jwtUnsignedChallenge","name":"Unsigned JWT","category":"Vulnerable Components","tags":null,"description":"Forge an essentially unsigned JWT token that impersonates the (non-existing) user <i>jwtn3d@juice-sh.op</i>.","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":83,"key":"uploadSizeChallenge","name":"Upload Size","category":"Improper Input Validation","tags":null,"description":"Upload a file larger than 100 kB.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":84,"key":"uploadTypeChallenge","name":"Upload Type","category":"Improper Input Validation","tags":null,"description":"Upload a file that has no .pdf or .zip extension.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":85,"key":"unionSqlInjectionChallenge","name":"User Credentials","category":"Injection","tags":"With Coding Challenge","description":"Retrieve a list of all user credentials via SQL Injection.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":86,"key":"videoXssChallenge","name":"Video XSS","category":"XSS","tags":"Danger Zone","description":"Embed an XSS payload <code>&lt;/script&gt;&lt;script&gt;alert(`xss`)&lt;/script&gt;</code> into our promo video. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":6,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":87,"key":"basketAccessChallenge","name":"View Basket","category":"Broken Access Control","tags":"Tutorial,Good for Demos","description":"View another user's shopping basket.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html","solved":true,"disabledEnv":null,"tutorialOrder":10,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":88,"key":"knownVulnerableComponentChallenge","name":"Vulnerable Library","category":"Vulnerable Components","tags":"OSINT","description":"<a href=\"/#/contact\">Inform the shop</a> about a vulnerable library it is using. (Mention the exact library name and version in your comment)","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":89,"key":"weirdCryptoChallenge","name":"Weird Crypto","category":"Cryptographic Issues","tags":null,"description":"<a href=\"/#/contact\">Inform the shop</a> about an algorithm or library it should definitely not use the way it does.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":90,"key":"redirectChallenge","name":"Allowlist Bypass","category":"Unvalidated Redirects","tags":"Prerequisite,With Coding Challenge","description":"Enforce a redirect to a page you are not supposed to redirect to.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":91,"key":"xxeFileDisclosureChallenge","name":"XXE Data Access","category":"XXE","tags":"Danger Zone","description":"Retrieve the content of <code>C:\\Windows\\system.ini</code> or <code>/etc/passwd</code> from the server. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":92,"key":"xxeDosChallenge","name":"XXE DoS","category":"XXE","tags":"Danger Zone","description":"Give the server something to chew on for quite a while. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.096Z","updatedAt":"2026-03-13T16:14:26.096Z","ChallengeDependencies":[]},{"id":93,"key":"yamlBombChallenge","name":"Memory Bomb","category":"Insecure Deserialization","tags":"Danger Zone","description":"Drop some explosive data into a vulnerable file-handling endpoint. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html","solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":94,"key":"zeroStarsChallenge","name":"Zero Stars","category":"Improper Input Validation","tags":null,"description":"Give a devastating zero-star feedback to the store.","difficulty":1,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":95,"key":"missingEncodingChallenge","name":"Missing Encoding","category":"Improper Input Validation","tags":"Shenanigans","description":"Retrieve the photo of Bjoern's cat in \"melee combat-mode\".","difficulty":1,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":96,"key":"svgInjectionChallenge","name":"Cross-Site Imaging","category":"Security Misconfiguration","tags":"Contraption","description":"Stick <a href=\"https://cataas.com/cat\" target=\"_blank\">cute cross-domain kittens</a> all over our delivery boxes.","difficulty":5,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":97,"key":"exposedMetricsChallenge","name":"Exposed Metrics","category":"Observability Failures","tags":"Good Practice,With Coding Challenge","description":"Find the endpoint that serves usage data to be scraped by a <a href=\"https://github.com/prometheus/prometheus\">popular monitoring system</a>.","difficulty":1,"mitigationUrl":null,"solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":98,"key":"freeDeluxeChallenge","name":"Deluxe Fraud","category":"Improper Input Validation","tags":null,"description":"Obtain a Deluxe Membership without paying for it.","difficulty":3,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":99,"key":"csrfChallenge","name":"CSRF","category":"Broken Access Control","tags":null,"description":"Change the name of a user by performing Cross-Site Request Forgery from <a href=\"http://htmledit.squarefree.com\">another origin</a>.","difficulty":3,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":100,"key":"xssBonusChallenge","name":"Bonus Payload","category":"XSS","tags":"Shenanigans,Tutorial,With Coding Challenge","description":"Use the bonus payload <code>&lt;iframe width=&quot;100%&quot; height=&quot;166&quot; scrolling=&quot;no&quot; frameborder=&quot;no&quot; allow=&quot;autoplay&quot; src=&quot;https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&amp;color=%23ff5500&amp;auto_play=true&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;show_teaser=true&quot;&gt;&lt;/iframe&gt;</code> in the <i>DOM XSS</i> challenge.","difficulty":1,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":3,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":101,"key":"resetPasswordUvoginChallenge","name":"Reset Uvogin's Password","category":"Sensitive Data Exposure","tags":"OSINT,With Coding Challenge","description":"Reset Uvogin's password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.","difficulty":4,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":102,"key":"geoStalkingMetaChallenge","name":"Meta Geo Stalking","category":"Sensitive Data Exposure","tags":"OSINT","description":"Determine the answer to John's security question by looking at an upload of him to the Photo Wall and use it to reset his password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.097Z","updatedAt":"2026-03-13T16:14:26.097Z","ChallengeDependencies":[]},{"id":103,"key":"geoStalkingVisualChallenge","name":"Visual Geo Stalking","category":"Sensitive Data Exposure","tags":"OSINT","description":"Determine the answer to Emma's security question by looking at an upload of her to the Photo Wall and use it to reset her password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:26.098Z","ChallengeDependencies":[]},{"id":104,"key":"nullByteChallenge","name":"Poison Null Byte","category":"Improper Input Validation","tags":"Prerequisite","description":"Bypass a security control with a <a href=\"https://hakipedia.com/index.php/Poison_Null_Byte\">Poison Null Byte</a> to access a file not meant for your eyes.","difficulty":4,"mitigationUrl":null,"solved":true,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:33.521Z","ChallengeDependencies":[]},{"id":105,"key":"lfrChallenge","name":"Local File Read","category":"Vulnerable Components","tags":"OSINT,Danger Zone","description":"Gain read access to an arbitrary local file on the web server. <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>","difficulty":5,"mitigationUrl":null,"solved":false,"disabledEnv":"Heroku","tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:26.098Z","ChallengeDependencies":[]},{"id":106,"key":"closeNotificationsChallenge","name":"Mass Dispel","category":"Miscellaneous","tags":null,"description":"Close multiple \"Challenge solved\"-notifications in one go.","difficulty":1,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:26.098Z","ChallengeDependencies":[]},{"id":107,"key":"csafChallenge","name":"Security Advisory","category":"Miscellaneous","tags":null,"description":"The Juice Shop is susceptible to a known vulnerability in a library, for which an advisory has already been issued, marking the Juice Shop as <i>known affected</i>. A fix is still pending. <a href=\"/#/contact\">Inform the shop</a> about a suitable checksum as proof that you did your due diligence.","difficulty":3,"mitigationUrl":null,"solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:26.098Z","ChallengeDependencies":[]},{"id":108,"key":"exposedCredentialsChallenge","name":"Exposed credentials","category":"Sensitive Data Exposure","tags":null,"description":"A developer was careless with hardcoding unused, but still valid credentials for a testing account on the client-side.","difficulty":2,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":6,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:26.098Z","ChallengeDependencies":[]},{"id":109,"key":"leakedApiKeyChallenge","name":"Leaked API Key","category":"Sensitive Data Exposure","tags":null,"description":"<a href=\"/#/contact\">Inform the shop</a> about a leaked API key. (Mention the exact key in your comment)","difficulty":5,"mitigationUrl":"https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":false,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:26.098Z","ChallengeDependencies":[]},{"id":110,"key":"chatbotPromptInjectionChallenge","name":"Chatbot Prompt Injection","category":"Injection","tags":"Good for Demos,AI/LLM,With Coding Challenge,Requires LLM API","description":"Trick the chatbot into generating a coupon code for you despite its coupon policy saying otherwise.","difficulty":2,"mitigationUrl":"https://genai.owasp.org/llmrisk/llm01-prompt-injection/","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:26.098Z","ChallengeDependencies":[{"ChallengeId":110,"id":5,"name":"LLM API","documentation":"https://howto-llm.owasp-juice.shop","key":"http://localhost:11434/v1","missing":true,"createdAt":"2026-03-13T16:14:27.169Z","updatedAt":"2026-03-13T16:14:27.169Z"}]},{"id":111,"key":"chatbotGreedyInjectionChallenge","name":"Greedy Chatbot Manipulation","category":"Injection","tags":"AI/LLM,With Coding Challenge,Requires LLM API","description":"Convince the chatbot to give you a coupon of 50% or more. Because apparently a 10% max policy is just a suggestion when you ask nicely enough.","difficulty":3,"mitigationUrl":"https://genai.owasp.org/llmrisk/llm01-prompt-injection/","solved":false,"disabledEnv":null,"tutorialOrder":null,"codingChallengeStatus":0,"hasCodingChallenge":true,"createdAt":"2026-03-13T16:14:26.098Z","updatedAt":"2026-03-13T16:14:26.098Z","ChallengeDependencies":[{"ChallengeId":111,"id":6,"name":"LLM API","documentation":"https://howto-llm.owasp-juice.shop","key":"http://localhost:11434/v1","missing":true,"createdAt":"2026-03-13T16:14:27.178Z","updatedAt":"2026-03-13T16:14:27.178Z"}]}]}