Yellow Badge
The yellow badge is our second set of exercises. It covers a wide range of web vulnerabilities to give people a view of what kind of issues can be found in web application.
7
429
7
CVE-2016-10033: PHPMailer RCE
This exercise covers a remote code execution vulnerability in PHPMailer
Difficulty: EASY- PHP
- Completed by 925 students
- Takes Less than an hour on average
CVE-2016-2098
This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data
Difficulty: EASY- 1 video
- Rails
- Completed by 835 students
- Takes Less than an hour on average
Cipher block chaining
This exercise details how to tamper with data encrypted using CBC
Difficulty: EASY- 2 videos
- PHP
- Completed by 633 students
- Takes Between 1 and 2 hours on average
Play Session Injection
This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism
Difficulty: MEDIUM- 2 videos
- Java/Play
- Completed by 690 students
- Takes Less than an hour on average
Play XML Entities
This exercise covers the exploitation of a XML entities in the Play framework.
Difficulty: MEDIUM- 1 video
- Java/Play
- Completed by 513 students
- Takes Between 1 and 2 hours on average
JSON Web Token II
This exercise covers the exploitation of an issue with some implementations of JWT
Difficulty: MEDIUM- 2 videos
- PHP
- Completed by 791 students
- Takes Between 1 and 2 hours on average
Struts s2-045
This exercise covers a Remote Code Execution in Struts 2.
Difficulty: MEDIUM- Tomcat/Struts
- Completed by 764 students
- Takes Less than an hour on average