White Badge

5239 Completed
16 Videos
6 Exercises

The white badge covers a wide range of web vulnerabilities to give people a view of what kind of issues can be found in web application. We usually recommend to start with this badge once you have finished the Introduction, Essential, Unix, PCAP badges.

White Videos

White Exercises

Easy
CVE-2014-6271/Shellshock
  • This exercise covers the exploitation of a Bash vulnerability through a CGI.
  • 1 video
  • Completed by 8681 students
  • Takes < 1 Hr. on average
  • CGI/Apache/Bash
  • CWE-78

 

Easy
JSON Web Token None Algorithm
  • This exercise covers the exploitation of a signature weakness in a JWT library.
  • 2 videos
  • Completed by 9724 students
  • Takes < 1 Hr. on average
  • PHP/Apache/Mysql
  • jwt
  • CWE-345,CWE-347

 

Medium
From SQL Injection to Shell
  • This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system
  • 2 videos
  • Completed by 7938 students
  • Takes < 1 Hr. on average
  • PHP/Apache/Mysql
  • SQL Injection
  • CWE-89

 

Medium
CVE-2007-1860: mod_jk double-decoding
  • This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
  • 4 videos
  • Completed by 5926 students
  • Takes 1-2 Hrs. on average
  • Tomcat/Apache
  • CWE-22

 

Medium
Pickle Code Execution
  • This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
  • 4 videos
  • Completed by 6218 students
  • Takes < 1 Hr. on average
  • Python

 

Medium
Electronic Code Book
  • This exercise explains how you can tamper with encrypted cookies to access another user's account
  • 2 videos
  • Completed by 5677 students
  • Takes 1-2 Hrs. on average
  • PHP/Apache
  • Crypto