The orange badge is our third set of exercises. It covers a wide range of vulnerabilities targeting other clients of the applications (XSS, CSRF, CORS...).

  • Completed by 94 students

Introduction to CSP

  • Difficulty:

This exercise details the exploitation of an XSS in a simple web application that uses Content Security Policy.

  • PHP/Apache/MySQL
  • Completed by 0 students

XSS and MySQL FILE (Coming soon)

  • Difficulty:

This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies, then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it.

  • PHP
  • Completed by 0 students

Brute-Force and CSRF (Coming soon)

  • Difficulty:

This exercise details how to do a brute-force attack and how to exploit a CSRF vulnerability.

  • PHP/Apache/MySQL
  • Completed by 0 students

Cross-Origin Resource Sharing (Coming soon)

  • Difficulty:

This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if misconfigured.

  • Completed by 32 students

CVE-2018-6574: go get RCE

  • Difficulty:

This exercise covers a remote command execution in Golang's go get command.

  • Completed by 53 students

CVE-2016-5386: HTTPoxy

  • Difficulty:

This exercise covers the exploitation of HTTPoxy against an old version of Golang.

  • Completed by 11 students

CVE-2018-11235: Git Submodule RCE

  • Difficulty:

This exercise details the exploitation of a vulnerability in Git submodules that can be used to get command execution.