Orange Badge

The orange badge is our third set of exercises. It covers a wide range of vulnerabilities targetting other clients of the applications (XSS, CSRF, CORS...)

10

Exercises

0

Completed this badge

7

CPEs

Introduction to CSP

This exercise details the exploitation of a XSS in a simple web application that uses Content Security Policy

Difficulty: EASY

1 video
Completed by 372 students
Takes Less than an hour on average

XSS and MySQL FILE Coming soon

This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it.

Difficulty: EASY

PHP/Apache/Mysql
Completed by 0 student
Takes -- on average

Brute-Force and CSRF Coming soon

This exercise details how to do a brute-force attack and how to exploit a CSRF vulnerability

Difficulty: EASY

PHP
Completed by 0 student
Takes -- on average

Cross-Site WebSocket Hijacking

This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information

Difficulty: MEDIUM

Ruby/Sinatra
Completed by 31 students
Takes Between 1 and 2 hours on average

postMessage()

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information

Difficulty: MEDIUM

Ruby/Sinatra
Completed by 22 students
Takes Between 1 and 2 hours on average

postMessage() II Coming soon

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin

Difficulty: MEDIUM