Brown Badge

  • 11 Exercises
  • 0 Completed this badge
  • 8 CPEs

Signing Oracle

This exercise covers how a signing oracle can be used to bypass the authorization in place

Difficulty: EASY
  • 2 videos
  • Completed by 127 students
  • Takes Less than an hour on average

SSRF in PDF generation

This exercise covers how you can read arbitrary files when an application generates a PDF from a link you provide

Difficulty: EASY
  • 1 video
  • Completed by 126 students
  • Takes Less than an hour on average

JS Prototype Pollution

This exercise covers how to exploit Prototype Pollution against a JavaScript application

Difficulty: EASY
  • 1 video
  • Completed by 89 students
  • Takes Less than an hour on average

JSON Web Encryption

This exercise covers how you can create your own JWE if you have access to the public key used by the server

Difficulty: EASY
  • 2 videos
  • Completed by 74 students
  • Takes Less than an hour on average

TBD Coming soon

TBD

Difficulty: EASY
  • Completed by 0 students
  • Takes -- on average

Apache Pluto RCE

This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic

Difficulty: EASY
  • 1 video
  • Completed by 60 students
  • Takes Less than an hour on average

Unicode and Uppercase

This exercise covers how you can use Unicode to gain access to an admin account.

Difficulty: EASY
  • Completed by 33 students
  • Takes Less than an hour on average

Unicode and Downcase Coming soon

This exercise covers how you can use Unicode to gain access to an admin account.

Difficulty: EASY
  • Completed by 0 students
  • Takes -- on average

PHP phar://

This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.

Difficulty: MEDIUM
  • 1 video
  • Completed by 45 students
  • Takes Less than an hour on average

Spring Actuators

This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.

Difficulty: MEDIUM
  • 1 video
  • Completed by 29 students
  • Takes Between 1 and 2 hours on average

From SQL injection to Shell III: PostgreSQL Edition

This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using Ghostscript

Difficulty: MEDIUM
  • Ruby-on-Rails
  • Completed by 14 students
  • Takes Between 2 and 4 hours on average