White Badge

The white badge covers a wide range of web vulnerabilities to give people a view of the kinds of issues that can be found in web applications. We usually recommend starting with this badge once you have finished the Introduction, Essential, Unix, and PCAP badges.

6 exercises 5481 completed 16 videos

Introduction Videos

Access to videos for this badge is only available with PentesterLab PRO

White Exercises

Easy
CVE-2014-6271/Shellshock
  • This exercise covers the exploitation of a Bash vulnerability through a CGI.
  • 1 video
  • Completed by 9066 students
  • Takes < 1 Hr. on average
  • CGI/Apache/Bash
  • CWE-78

Easy
JSON Web Token None Algorithm
  • This exercise covers the exploitation of a signature weakness in a JWT library.
  • 2 videos
  • Completed by 10127 students
  • Takes < 1 Hr. on average
  • PHP/Apache/MySQL
  • JWT
  • CWE-345, CWE-347

Medium
From SQL Injection to Shell
  • This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system.
  • 2 videos
  • Completed by 8280 students
  • Takes < 1 Hr. on average
  • PHP/Apache/MySQL
  • SQL Injection
  • CWE-89

Medium
CVE-2007-1860: mod_jk double-decoding
  • This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
  • 4 videos
  • Completed by 6176 students
  • Takes 1-2 Hrs. on average
  • Tomcat/Apache
  • CWE-22

Medium
Pickle Code Execution
  • This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data.
  • 4 videos
  • Completed by 6491 students
  • Takes < 1 Hr. on average
  • Python

Medium
Electronic Code Book
  • This exercise explains how you can tamper with encrypted cookies to access another user's account.
  • 2 videos
  • Completed by 5928 students
  • Takes 1-2 Hrs. on average
  • PHP/Apache
  • Crypto