The yellow badge is our second set of exercises. It covers a wide range of web vulnerabilities to give people a view of what kind of issues can be found in web application.
- PHP
- Completed by 602 students
CVE-2016-10033: PHPMailer RCE
This exercise covers a remote code execution vulnerability in PHPMailer
- Rails
- Completed by 531 students
CVE-2016-2098
This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data
- 2 videos
- PHP
- Completed by 364 students
Cipher block chaining
This exercise details how to tamper with data encrypted using CBC
- 1 video
- Java/Play
- Completed by 432 students
Play Session Injection
This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism
- Java/Play
- Completed by 313 students
Play XML Entities
This exercise covers the exploitation of a XML entities in the Play framework.
- 2 videos
- PHP
- Completed by 480 students
JSON Web Token II
This exercise covers the exploitation of an issue with some implementations of JWT
- Tomcat/Struts
- Completed by 520 students
Struts s2-045
This exercise covers a Remote Code Execution in Struts 2.