Medium
Zipline
Law firm case exports. Downloading exports by public ID leaks an internal subdomain and credentials, leading to a second API with hidden config.
ZipLine Writeup↗Walkthrough available
ZipLine Walkthrough (WebVerse)
Full guided walkthrough for Zipline. Want to try first? Attempt the lab, then come back when you’re stuck.
What you’ll practice in Zipline
Zipline is a realistic web hacking lab you can run locally in a controlled environment. You’ll practice mapping attack surface, testing authentication and authorization boundaries, and chaining weaknesses into impact — without spoilers.
- • Difficulty: Medium
- • Format: Local-first lab environment (recommended: Docker)
- • Focus areas: Web exploitation fundamentals