Brown Badge
8
Exercises
0
Completed this badge
5
CPEs
Signing Oracle
This exercise covers how a signing oracle can be used to bypass authorization in place
Difficulty: EASY- 2 videos
- Completed by 84 students
- Takes Less than an hour on average
SSRF in PDF generation
This exercise covers how you can read abitrary files when an application generates pdf from a link you provide
Difficulty: EASY- 1 video
- Completed by 66 students
- Takes Less than an hour on average
JS Prototype Pollution
This exercise covers how to exploit Prototype Pollution against a JavaScript application
Difficulty: EASY- Completed by 30 students
- Takes Less than an hour on average
JSON Web Encryption
This exercise covers how you can create your own JWE if you have access to the public key used by the se rver
Difficulty: EASY- 2 videos
- Completed by 45 students
- Takes Less than an hour on average
TBD Coming soon
TBD
Difficulty: EASY- Completed by 0 student
- Takes -- on average
Apache Pluto RCE
This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic
Difficulty: EASY- Completed by 27 students
- Takes Less than an hour on average
PHP phar://
This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
Difficulty: MEDIUM- 1 video
- Completed by 22 students
- Takes Less than an hour on average
Spring Actuators
This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
Difficulty: MEDIUM- Completed by 15 students
- Takes Between 1 and 2 hours on average