Orange Badge
406 Completed
22 Videos
15 Exercises
The orange badge is our third set of exercises. It covers a wide range of vulnerabilities targeting other clients of the applications (XSS, CSRF, CORS...)
Exercises
Medium
PENTESTERLAB
Introduction to CSP
- This exercise details the exploitation of an XSS in a simple web application that uses Content Security Policy
- 1 video
- Completed by 2362 students
- Takes < 1 Hr. on average
Medium
PENTESTERLAB
JSON Cross-Site Request Forgery
- This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used
- 2 videos
- Completed by 1396 students
- Takes < 1 Hr. on average
Medium
PENTESTERLAB
SVG XSS
- This exercise covers how to use an SVG to trigger a Cross-Site Scripting
- 1 video
- Completed by 1699 students
- Takes < 1 Hr. on average
- Ruby/Rails
- CWE-79
Medium
PENTESTERLAB
CVE-2018-6574: go get RCE
- This exercise covers a remote command execution in Golang's go get command.
- 1 video
- Completed by 847 students
- Takes < 1 Hr. on average
- CWE-94
Medium
PENTESTERLAB
CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict
- This exercise covers the exploitation of HTTPoxy against an old version of Golang
- 3 videos
- Completed by 882 students
- Takes < 1 Hr. on average
- CWE-284
Medium
PENTESTERLAB
Cross-Origin Resource Sharing II
- This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.
- 1 video
- Completed by 991 students
- Takes < 1 Hr. on average
- Ruby/Sinatra/Angular
Medium
PENTESTERLAB
Cross-Site WebSocket Hijacking
- This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information
- 2 videos
- Completed by 1046 students
- Takes < 1 Hr. on average
- Ruby/Sinatra
Medium
PENTESTERLAB
postMessage()
- This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information
- 2 videos
- Completed by 1163 students
- Takes < 1 Hr. on average
- Ruby/Sinatra
Medium
PENTESTERLAB
postMessage() II
- This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin
- 2 videos
- Completed by 1023 students
- Takes < 1 Hr. on average
- Ruby/Sinatra
Medium
PENTESTERLAB
postMessage() III
- This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting
- 2 videos
- Completed by 922 students
- Takes 1-2 Hrs. on average
- Ruby/Sinatra
Medium
PENTESTERLAB
postMessage() IV
- This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin and X-Frame-Options is used
- 1 video
- Completed by 908 students
- Takes < 1 Hr. on average
- HTML/JavaScript
Medium
PENTESTERLAB
Cross-Site Request Forgery
- This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data
- 2 videos
- Completed by 1474 students
- Takes < 1 Hr. on average
- CWE-352
Hard
PENTESTERLAB
Cross-Site Leak
- This exercise covers how to use a Cross-Site Leak to recover sensitive information
- 1 video
- Completed by 543 students
- Takes 2-4 Hrs. on average
- Ruby