Media Badge

22 Videos
18 Exercises

Exercises

Easy
SSRF in PDF generation
  • This exercise covers how you can read arbitrary files when an application generates pdf from a link you provide
  • 1 video
  • Completed by 770 students
  • Takes < 1 Hr. on average

 

Coming soon
Easy
ODF XXE
  • This exercise covers the exploitation of an XXE in an ODF Parser
  • Takes -- on average

 

Medium
XSL PHP
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 202 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94,CWE-306

 

Medium
XSL PHP II
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 171 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94

 

Medium
DOMPDF RCE
  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 2 videos
  • Completed by 98 students
  • Takes < 1 Hr. on average
  • PHP

 

Medium
CVE-2022-39224
  • This exercise covers the exploitation of CVE-2022-39224
  • 1 video
  • Completed by 52 students
  • Takes 2-4 Hrs. on average
  • Ruby
  • CWE-78

 

Medium
XSL PHP III
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 121 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94

 

Medium
XSL PHP IV
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 98 students
  • Takes 2-4 Hrs. on average
  • PHP
  • CWE-94

 

Medium
DOMPDF RCE II
  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 3 videos
  • Completed by 40 students
  • Takes 2-4 Hrs. on average
  • PHP

 

Medium
XSL Java
  • This exercise covers the exploitation of a Java application using XSL
  • 2 videos
  • Completed by 74 students
  • Takes < 1 Hr. on average
  • Java

 

Medium
DOMPDF RCE III
  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 2 videos
  • Completed by 25 students
  • Takes 2-4 Hrs. on average
  • PHP

 

Medium
SSRF via FFMPEG
  • This exercise covers how you can read abitrary files when an application use ffmpeg to render videos from a video you provide
  • Completed by 209 students
  • Takes 1-2 Hrs. on average
  • Ruby/FFMpeg
  • CWE-918

 

Medium
CVE-2021-22204: Exiftool RCE II
  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • Completed by 47 students
  • Takes < 1 Hr. on average
  • CWE-94,CWE-74

 

Medium
CVE-2021-33564 Argument Injection in Ruby Dragonfly
  • This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
  • Completed by 104 students
  • Takes < 1 Hr. on average
  • CWE-88

 

Hard
SSRF via FFMPEG II
  • This exercise covers how you can read abitrary files when an application use ffmpeg to render videos from a video you provide
  • Completed by 101 students
  • Takes < 1 Hr. on average
  • Ruby/FFMpeg
  • CWE-918

 

Hard
XSL PHP V
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 74 students
  • Takes 1-2 Hrs. on average
  • PHP
  • CWE-94

 

Hard
CVE-2021-22204: Exiftool RCE
  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • 1 video
  • Completed by 142 students
  • Takes 1-2 Hrs. on average
  • CWE-74

 

Hard
DOMPDF RCE IV
  • This exercise covers the automation of the exploitation of a vulnerability in the DOMPDF library
  • Completed by 11 students
  • Takes > 4 Hrs. on average
  • PHP