This dojo is going to guide you through the fascinating world of content injection—from the simplest tricks that toy with CSV cells to the most devious payloads that bend YAML parsers to your will.
Content injection happens when untrusted input masquerades as structure or code instead of plain text. In each challenge, you’ll discover how a well-crafted string can slip past filters and warp parser logic across formats like CSV, HTML/JavaScript, JSON, XML, and YAML.
By the end of this journey, you won’t just spot injection flaws—you’ll wield them to elevate privileges, read protected data, and understand exactly why they happen.
Let your content injection adventure begin—may your payloads be clever and your defenses unbreakable!
Contributing: This dojo is open source! Contribute challenges, fixes, and improvements here.
Questions? Come chat on this dojo's Discord channel!
