Yellow Badge

The yellow badge is our second set of exercises. It covers a wide range of web vulnerabilities to give people a view of the kinds of issues that can be found in web applications.

  • Exercises: 7
  • Completed this badge: 377
  • CPEs: 7

CVE-2016-10033: PHPMailer RCE

This exercise covers a remote code execution vulnerability in PHPMailer

Difficulty: EASY
  • PHP
  • Completed by 844 students
  • Takes less than an hour on average

CVE-2016-2098

This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data

Difficulty: EASY
  • Rails
  • Completed by 755 students
  • Takes less than an hour on average

Cipher block chaining

This exercise details how to tamper with data encrypted using CBC

Difficulty: EASY
  • 2 videos
  • PHP
  • Completed by 564 students
  • Takes between 1 and 2 hours on average

Play Session Injection

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism.

Difficulty: MEDIUM
  • 1 video
  • Java/Play
  • Completed by 622 students
  • Takes less than an hour on average

Play XML Entities

This exercise covers the exploitation of XML entities in the Play framework.

Difficulty: MEDIUM
  • Java/Play
  • Completed by 448 students
  • Takes between 1 and 2 hours on average

JSON Web Token II

This exercise covers the exploitation of an issue with some implementations of JWT

Difficulty: MEDIUM
  • 2 videos
  • PHP
  • Completed by 701 students
  • Takes between 1 and 2 hours on average

Struts s2-045

This exercise covers a Remote Code Execution in Struts 2.

Difficulty: MEDIUM
  • Tomcat/Struts
  • Completed by 707 students
  • Takes less than an hour on average