Media Badge

2 Videos
12 Exercises
Easy image for SSRF in PDF generation

SSRF in PDF generation

  • This exercise covers how you can read arbitrary files when an application generates pdf from a link you provide
  • 1 video
  • Completed by 627 students
  • Takes Less than an hour on average
Easy image for XSL PHP

XSL PHP

  • This exercise covers the exploitation of a PHP application using XSL
  • Completed by 16 students
  • Takes Less than an hour on average
  • PHP
Coming soon
Easy image for XSL PHP II

XSL PHP II

  • This exercise covers the exploitation of a PHP application using XSL
  • Takes -- on average
  • PHP
Coming soon
Easy image for DOMPDF RCE

DOMPDF RCE

  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • Takes -- on average
  • PHP
Coming soon
Medium image for XSL PHP III

XSL PHP III

  • This exercise covers the exploitation of a PHP application using XSL
  • Takes -- on average
  • PHP
Coming soon
Medium image for XSL PHP IV

XSL PHP IV

  • This exercise covers the exploitation of a PHP application using XSL
  • Takes -- on average
  • PHP
Coming soon
Medium image for DOMPDF RCE II

DOMPDF RCE II

  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • Takes -- on average
  • PHP
Medium image for SSRF via FFMPEG

SSRF via FFMPEG

  • This exercise covers how you can read abitrary files when an application use ffmpeg to render videos from a video you provide
  • Completed by 152 students
  • Takes Between 1 and 2 hours on average
  • Ruby/FFMpeg
Medium image for CVE-2021-33564 Argument Injection in Ruby Dragonfly

CVE-2021-33564 Argument Injection in Ruby Dragonfly

  • This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
  • Completed by 52 students
  • Takes Less than an hour on average
Hard image for SSRF via FFMPEG II

SSRF via FFMPEG II

  • This exercise covers how you can read abitrary files when an application use ffmpeg to render videos from a video you provide
  • Completed by 76 students
  • Takes Between 1 and 2 hours on average
  • Ruby/FFMpeg
Hard image for CVE-2021-22204: Exiftool RCE

CVE-2021-22204: Exiftool RCE

  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • 1 video
  • Completed by 96 students
  • Takes Between 1 and 2 hours on average
Coming soon
Hard image for CVE-2021-22204: Exiftool RCE II

CVE-2021-22204: Exiftool RCE II

  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • Takes -- on average