Duck store: intentionally vulnerable website!

Project #3 of 5 in "Web Security" progression
Duck store: intentionally vulnerable website! thumbnail

Updated: Feb 23, 2026

In this project

Wanna become the best cyber guardian of all time? Meet Duck Store - website you need to hack. 

Surprised? Well, at the beginning of their careers, most white hat specialist were hackers first. And you will be too.   

Lessons

  1. #1.Meet Duck Store: intentionally vulnerable website #1
  2. #2.Making a plan for your ducking journey. Duck! #2
  3. #3.A mental model of XSS attack #3
  4. #4.Negative items quantity #4
  5. #5.100% off coupons #5
  6. #6.I see all of your users: IDOR in API #6
  7. #7.Becoming the admin using JWT alg:none #7
  8. #8.Admin - admin #8
  9. #9.Finding all orders in API #9
  10. #10.Setting up an XSS mine in testimonials #10
  11. #11.Capture the flag: vulnerabilities list #11
  12. #12.Capture the flag: Features unlocked #12
Duck store: intentionally vulnerable website!