Media Badge

22 Videos
18 Exercises

Exercises

Easy
SSRF in PDF generation
  • This exercise covers how you can read arbitrary files when an application generates a PDF from a link you provide
  • 1 video
  • Completed by 762 students
  • Takes < 1 Hr. on average

 

Coming soon
Easy
ODF XXE
  • This exercise covers the exploitation of an XXE in an ODF Parser
  • Takes -- on average

 

Easy
XSL PHP
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 196 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94,CWE-306

 

Easy
XSL PHP II
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 166 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94

 

Easy
DOMPDF RCE
  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 2 videos
  • Completed by 94 students
  • Takes < 1 Hr. on average
  • PHP

 

Easy
CVE-2022-39224
  • This exercise covers the exploitation of CVE-2022-39224
  • 1 video
  • Completed by 48 students
  • Takes 2-4 Hrs. on average
  • Ruby
  • CWE-78

 

Medium
XSL PHP III
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 117 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94

 

Medium
XSL PHP IV
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 94 students
  • Takes 2-4 Hrs. on average
  • PHP
  • CWE-94

 

Medium
DOMPDF RCE II
  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 3 videos
  • Completed by 36 students
  • Takes 2-4 Hrs. on average
  • PHP

 

Medium
XSL Java
  • This exercise covers the exploitation of a Java application using XSL
  • 2 videos
  • Completed by 68 students
  • Takes < 1 Hr. on average
  • Java

 

Medium
DOMPDF RCE III
  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 2 videos
  • Completed by 20 students
  • Takes 2-4 Hrs. on average
  • PHP

 

Medium
SSRF via FFMPEG
  • This exercise covers how you can read arbitrary files when an application uses ffmpeg to render videos from a video you provide
  • Completed by 203 students
  • Takes 1-2 Hrs. on average
  • Ruby/FFMpeg
  • CWE-918

 

Medium
CVE-2021-22204: Exiftool RCE II
  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • Completed by 42 students
  • Takes < 1 Hr. on average
  • CWE-94,CWE-74

 

Medium
CVE-2021-33564 Argument Injection in Ruby Dragonfly
  • This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
  • Completed by 100 students
  • Takes < 1 Hr. on average
  • CWE-88

 

Hard
SSRF via FFMPEG II
  • This exercise covers how you can read arbitrary files when an application uses ffmpeg to render videos from a video you provide
  • Completed by 99 students
  • Takes < 1 Hr. on average
  • Ruby/FFMpeg
  • CWE-918

 

Hard
XSL PHP V
  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 70 students
  • Takes 1-2 Hrs. on average
  • PHP
  • CWE-94

 

Hard
CVE-2021-22204: Exiftool RCE
  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • 1 video
  • Completed by 137 students
  • Takes 1-2 Hrs. on average
  • CWE-74

 

Hard
DOMPDF RCE IV
  • This exercise covers the automation of the exploitation of a vulnerability in the DOMPDF library
  • Completed by 9 students
  • Takes > 4 Hrs. on average
  • PHP