The orange badge is our third set of exercises. It covers a wide range of vulnerabilities targetting other clients of the applications (XSS, CSRF, CORS...)
- Completed by 94 students
Introduction to CSP
This exercise details the exploitation of a XSS in a simple web application that uses Content Security Policy
- PHP/Apache/Mysql
- Completed by 0 students
XSS and MySQL FILE Coming soon
This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it.
- PHP
- Completed by 0 students
Brute-Force and CSRF Coming soon
This exercise details how to do a brute-force attack and how to exploit a CSRF vulnerability
- PHP/Apache/Mysql
- Completed by 0 students
Cross-Origin Resource Sharing Coming soon
This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if misconfigured.
- Completed by 32 students
CVE-2018-6574: go get RCE
This exercise covers a remote command execution in Golang's go get command.
- Completed by 53 students
CVE-2016-5386: HTTPoxy
This exercise covers the exploitation of HTTPoxy against an old version of Golang
- Completed by 11 students
CVE-2018-11235: Git Submodule RCE
This exercise details the exploitation of a vulnerability in Git Sub module that can be used to get command execution