White Badge

5392 Completed

16 Videos

6 Exercises

The white badge covers a wide range of web vulnerabilities to give people a view of what kind of issues can be found in web application. We usually recommend to start with this badge once you have finished the Introduction, Essential, Unix, PCAP badges.

Introduction Videos

Access to videos for this badge is only available with PentesterLab PRO

White Exercises

Easy

PENTESTERLAB

CVE-2014-6271/Shellshock

This exercise covers the exploitation of a Bash vulnerability through a CGI.
1 video
Completed by 8907 students
Takes < 1 Hr. on average
CGI/Apache/Bash
CWE-78

Easy

PENTESTERLAB

JSON Web Token None Algorithm

This exercise covers the exploitation of a signature weakness in a JWT library.
2 videos
Completed by 10017 students
Takes < 1 Hr. on average
PHP/Apache/Mysql
jwt
CWE-345,CWE-347

Medium

PENTESTERLAB

From SQL Injection to Shell

This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system
2 videos
Completed by 8138 students
Takes < 1 Hr. on average
PHP/Apache/Mysql
SQL Injection
CWE-89

Medium

PENTESTERLAB

CVE-2007-1860: mod_jk double-decoding

This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
4 videos
Completed by 6076 students
Takes 1-2 Hrs. on average
Tomcat/Apache
CWE-22

Medium

PENTESTERLAB

Pickle Code Execution

This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
4 videos
Completed by 6385 students
Takes < 1 Hr. on average
Python

Medium

PENTESTERLAB

Electronic Code Book

This exercise explains how you can tamper with encrypted cookies to access another user's account
2 videos
Completed by 5836 students
Takes 1-2 Hrs. on average
PHP/Apache
Crypto