White Badge

5267 Completed
16 Videos
6 Exercises

The white badge covers a wide range of web vulnerabilities to give people a view of what kind of issues can be found in web application. We usually recommend to start with this badge once you have finished the Introduction, Essential, Unix, PCAP badges.

White Videos

White Exercises

Easy
CVE-2014-6271/Shellshock
  • This exercise covers the exploitation of a Bash vulnerability through a CGI.
  • 1 video
  • Completed by 8709 students
  • Takes < 1 Hr. on average
  • CGI/Apache/Bash
  • CWE-78

 

Easy
JSON Web Token None Algorithm
  • This exercise covers the exploitation of a signature weakness in a JWT library.
  • 2 videos
  • Completed by 9760 students
  • Takes < 1 Hr. on average
  • PHP/Apache/Mysql
  • jwt
  • CWE-345,CWE-347

 

Medium
From SQL Injection to Shell
  • This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system
  • 2 videos
  • Completed by 7963 students
  • Takes < 1 Hr. on average
  • PHP/Apache/Mysql
  • SQL Injection
  • CWE-89

 

Medium
CVE-2007-1860: mod_jk double-decoding
  • This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
  • 4 videos
  • Completed by 5949 students
  • Takes 1-2 Hrs. on average
  • Tomcat/Apache
  • CWE-22

 

Medium
Pickle Code Execution
  • This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
  • 4 videos
  • Completed by 6246 students
  • Takes < 1 Hr. on average
  • Python

 

Medium
Electronic Code Book
  • This exercise explains how you can tamper with encrypted cookies to access another user's account
  • 2 videos
  • Completed by 5702 students
  • Takes 1-2 Hrs. on average
  • PHP/Apache
  • Crypto