Response

URL: https://stc-owasp-juice-dnebatcgf2ddf4cr.uksouth-01.azurewebsites.net/api/Challenges/?name=Bonus%20Payload

Status code: 200

Request Headers

Accept: application/json, text/plain, */*
User-Agent: axios/1.10.0
Accept-Encoding: gzip, compress, deflate, br

Response Headers

connection: close
content-type: application/json; charset=utf-8
date: Fri, 04 Jul 2025 12:58:45 GMT
access-control-allow-origin: *
etag: W/"454-NwiHNVu6k1SbnHvwvjwYUbh6LHY"
transfer-encoding: chunked
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
feature-policy: payment 'self'
x-recruiting: /#/jobs

Response Body

{
    "status": "success",
    "data": [
        {
            "id": 99,
            "key": "xssBonusChallenge",
            "name": "Bonus Payload",
            "category": "XSS",
            "tags": "Shenanigans,Tutorial,With Coding Challenge",
            "description": "Use the bonus payload <code>&lt;iframe width=&quot;100%&quot; height=&quot;166&quot; scrolling=&quot;no&quot; frameborder=&quot;no&quot; allow=&quot;autoplay&quot; src=&quot;https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&amp;color=%23ff5500&amp;auto_play=true&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;show_teaser=true&quot;&gt;&lt;/iframe&gt;</code> in the <i>DOM XSS</i> challenge.",
            "difficulty": 1,
            "hint": "Copy + Paste = Solved!",
            "hintUrl": "https://pwning.owasp-juice.shop/companion-guide/latest/part2/xss.html#_use_the_bonus_payload_in_the_dom_xss_challenge",
            "mitigationUrl": "https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html",
            "solved": true,
            "disabledEnv": null,
            "tutorialOrder": 3,
            "codingChallengeStatus": 0,
            "hasCodingChallenge": true,
            "createdAt": "2025-06-30T07:25:07.911Z",
            "updatedAt": "2025-07-04T11:03:59.668Z"
        }
    ]
}