## Apprentice Level - ✅ [[1. Authentication bypass via OAuth implicit flow]] ## Practitioner Level - ✅ [[2. SSRF via OpenID dynamic client registration]] - ✅ [[3. Forced OAuth profile linking]] - ✅ [[4. OAuth account hijacking via redirect_uri]] - ✅ [[5. File path traversal, validation of start of path]] - ✅ [[6. File path traversal, validation of file extension with null byte bypass]]