Media Badge

2 Completed
4 Videos
16 Exercises
Coming soon
Easy image for ODF XXE

ODF XXE

  • This exercise covers the exploitation of an XXE in an ODF Parser
  • Takes -- on average
Easy image for SSRF in PDF generation

SSRF in PDF generation

  • This exercise covers how you can read arbitrary files when an application generates pdf from a link you provide
  • 1 video
  • Completed by 664 students
  • Takes Less than an hour on average
Easy image for XSL PHP

XSL PHP

  • This exercise covers the exploitation of a PHP application using XSL
  • 1 video
  • Completed by 72 students
  • Takes Less than an hour on average
  • PHP
Easy image for XSL PHP II

XSL PHP II

  • This exercise covers the exploitation of a PHP application using XSL
  • 1 video
  • Completed by 56 students
  • Takes Less than an hour on average
  • PHP
Easy image for DOMPDF RCE

DOMPDF RCE

  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • Completed by 25 students
  • Takes Less than an hour on average
  • PHP
Easy image for CVE-2022-39224

CVE-2022-39224

  • This exercise covers the exploitation of CVE-2022-39224
  • Completed by 6 students
  • Takes Between 2 and 4 hours on average
  • Ruby
  • CWE-78
Medium image for XSL PHP III

XSL PHP III

  • This exercise covers the exploitation of a PHP application using XSL
  • Completed by 26 students
  • Takes Less than an hour on average
  • PHP
Medium image for XSL PHP IV

XSL PHP IV

  • This exercise covers the exploitation of a PHP application using XSL
  • Completed by 8 students
  • Takes More than 4 hours on average
  • PHP
Medium image for DOMPDF RCE II

DOMPDF RCE II

  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • Completed by 4 students
  • Takes Between 1 and 2 hours on average
  • PHP
Coming soon
Medium image for XSL Java

XSL Java

  • This exercise covers the exploitation of a Java application using XSL
  • Takes -- on average
  • Java
Medium image for SSRF via FFMPEG

SSRF via FFMPEG

  • This exercise covers how you can read abitrary files when an application use ffmpeg to render videos from a video you provide
  • Completed by 165 students
  • Takes Between 1 and 2 hours on average
  • Ruby/FFMpeg
Medium image for CVE-2021-22204: Exiftool RCE II

CVE-2021-22204: Exiftool RCE II

  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • Completed by 10 students
  • Takes Less than an hour on average
Medium image for CVE-2021-33564 Argument Injection in Ruby Dragonfly

CVE-2021-33564 Argument Injection in Ruby Dragonfly

  • This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
  • Completed by 62 students
  • Takes Less than an hour on average
  • CWE-88
Hard image for SSRF via FFMPEG II

SSRF via FFMPEG II

  • This exercise covers how you can read abitrary files when an application use ffmpeg to render videos from a video you provide
  • Completed by 82 students
  • Takes Between 1 and 2 hours on average
  • Ruby/FFMpeg
Hard image for XSL PHP V

XSL PHP V

  • This exercise covers the exploitation of a PHP application using XSL
  • Completed by 5 students
  • Takes Between 1 and 2 hours on average
  • PHP
Hard image for CVE-2021-22204: Exiftool RCE

CVE-2021-22204: Exiftool RCE

  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • 1 video
  • Completed by 104 students
  • Takes Between 1 and 2 hours on average
  • CWE-74