Brown Badge

7

Exercises

0

Completed this badge

4

CPEs

Signing Oracle

This exercise covers how a signing oracle can be used to bypass authorization in place

Difficulty: EASY
  • 2 videos
  • Completed by 53 students
  • Takes Less than an hour on average

SSRF in PDF generation Coming soon

This exercise covers how you can read abitrary files when an application generates pdf from a link you provide

Difficulty: EASY
  • Completed by 0 student
  • Takes -- on average

JSON Web Encryption

This exercise covers how you can create your own JWE if you have access to the public key used by the se rver

Difficulty: EASY
  • 2 videos
  • Completed by 29 students
  • Takes Less than an hour on average

TBD Coming soon

TBD

Difficulty: EASY
  • Completed by 0 student
  • Takes -- on average

Apache Pluto RCE

This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic

Difficulty: EASY
  • Completed by 8 students
  • Takes Less than an hour on average

PHP phar://

This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.

Difficulty: MEDIUM
  • Completed by 8 students
  • Takes Less than an hour on average

Spring Actuators

This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.

Difficulty: MEDIUM
  • Completed by 6 students
  • Takes Between 1 and 2 hours on average