White Badge

The white badge is our first and easiest badge. It covers a wide range of web vulnerabilities to give people a view of the kinds of issues that can be found in web applications. We usually recommend starting with this badge.

  • 6 exercises
  • 1885 completed this badge
  • 5 CPEs

CVE-2014-6271/Shellshock

This exercise covers the exploitation of a Bash vulnerability through a CGI.

Difficulty: EASY
  • 1 video
  • CGI/Apache/Bash
  • Completed by 3366 students
  • Takes less than an hour on average

JSON Web Token

This exercise covers the exploitation of a signature weakness in a JWT library.

Difficulty: EASY
  • 2 videos
  • PHP/Apache/MySQL
  • Completed by 3487 students
  • Takes less than an hour on average

From SQL Injection to Shell

This exercise explains how a SQL injection can be used to gain access to the administration console, and then how you can run commands on the system from that console.

Difficulty: EASY
  • 1 video
  • PHP/Apache/MySQL
  • Completed by 3019 students
  • Takes less than an hour on average

CVE-2007-1860: mod_jk double-decoding

This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

Difficulty: EASY
  • 2 videos
  • Tomcat/Apache
  • Completed by 2219 students
  • Takes between 1 and 2 hours on average

Pickle Code Execution

This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data.

Difficulty: EASY
  • 1 video
  • Python
  • Completed by 2242 students
  • Takes less than an hour on average

Electronic Code Book

This exercise explains how you can tamper with an encrypted cookie to access another user's account.

Difficulty: MEDIUM
  • 2 videos
  • PHP/Apache
  • Completed by 2106 students
  • Takes between 1 and 2 hours on average