• GraphQL/Node/Angular
  • Completed by 0 students

GraphQL Introspection (Coming soon)

This exercise covers how to use introspection to get access to additional information in GraphQL.

  • Ruby/Sinatra
  • Completed by 13 students

Ruby 2.x Universal RCE Deserialization Gadget Chain

This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load().

  • GraphQL/Node/Angular/SQLite3
  • Completed by 0 students

GraphQL: SQL Injection (Coming soon)

This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.

  • Ruby-on-Rails
  • Completed by 16 students

From SQL injection to Shell III

This exercise covers how to gain access to an administration interface using SQL injection, followed by how to get command execution using ImageTragick.

  • Ruby
  • Completed by 0 students

Length Extension Attack (Coming soon)

This exercise covers how to use a length extension attack to exploit a directory traversal vulnerability.

  • Golang
  • Completed by 2 students

Gogs RCE

This exercise covers how to get code execution against the self-hosted Git tool Gogs.

  • Ruby-on-Rails
  • Completed by 13 students

IDOR to Shell

This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application.