Orange Badge

The orange badge is our third set of exercises. It covers a wide range of vulnerabilities targetting other clients of the applications (XSS, CSRF, CORS...)

15

Exercises

98

Completed this badge

14

CPEs

Cross-Site Request Forgery

This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data

Difficulty: EASY
  • 2 videos
  • Completed by 528 students
  • Takes Less than an hour on average

JSON Cross-Site Request Forgery

This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used

Difficulty: EASY
  • 2 videos
  • Completed by 467 students
  • Takes Less than an hour on average

Introduction to CSP

This exercise details the exploitation of a XSS in a simple web application that uses Content Security Policy

Difficulty: EASY
  • 1 video
  • Completed by 1050 students
  • Takes Less than an hour on average

XSS Include

This exercise covers how one can use Cross-Site-Scripting Include to leak information.

Difficulty: EASY
  • 1 video
  • Ruby/Rails
  • Completed by 340 students
  • Takes Less than an hour on average

SVG XSS

This exercise covers how one can use SVG to trigger a Cross-Site-Scripting.

Difficulty: EASY
  • 1 video
  • Ruby/Rails
  • Completed by 491 students
  • Takes Less than an hour on average

Cross-Site WebSocket Hijacking

This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information

Difficulty: MEDIUM
  • 2 videos
  • Ruby/Sinatra
  • Completed by 355 students
  • Takes Between 1 and 2 hours on average

postMessage()

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information

Difficulty: MEDIUM
  • 2 videos
  • Ruby/Sinatra
  • Completed by 385 students
  • Takes Between 1 and 2 hours on average

postMessage() II

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin

Difficulty: MEDIUM
  • 2 videos
  • Ruby/Sinatra
  • Completed by 326 students
  • Takes Less than an hour on average

postMessage() III

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting

Difficulty: MEDIUM
  • 2 videos
  • Ruby/Sinatra
  • Completed by 293 students
  • Takes Between 1 and 2 hours on average

postMessage() IV

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used

Difficulty: MEDIUM
  • 1 video
  • HTML/Javascript
  • Completed by 273 students
  • Takes Less than an hour on average

CVE-2018-6574: go get RCE

This exercise covers a remote command execution in Golang's go get command.

Difficulty: MEDIUM
  • 1 video
  • Completed by 319 students
  • Takes Less than an hour on average

CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict

This exercise covers the exploitation of HTTPoxy against an old version of Golang

Difficulty: MEDIUM
  • 2 videos
  • Completed by 355 students
  • Takes Less than an hour on average

Cross-Origin Resource Sharing II

This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.

Difficulty: MEDIUM
  • 1 video
  • Ruby/Sinatra/Angular
  • Completed by 296 students
  • Takes Less than an hour on average

CVE-2018-11235: Git Submodule RCE

This exercise details the exploitation of a vulnerability in Git Sub module that can be used to get command execution

Difficulty: HARD
  • Completed by 164 students
  • Takes Between 1 and 2 hours on average

Cross-Site Leak

This exercise covers how one can use Cross-Site Leak to recover sensitive information

Difficulty: HARD
  • 1 video
  • Completed by 136 students
  • Takes Between 2 and 4 hours on average