Yellow Badge

1955 Completed
11 Videos
7 Exercises

The yellow badge is our second set of exercises. It covers a wide range of web vulnerabilities to give people a view of what kind of issues can be found in web application.

Exercises

Medium
CVE-2016-10033: PHPMailer RCE
  • This exercise covers a remote code execution vulnerability in PHPMailer
  • 1 video
  • Completed by 3619 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-77

 

Medium
CVE-2016-2098
  • This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data
  • 1 video
  • Completed by 3531 students
  • Takes < 1 Hr. on average
  • Rails
  • CWE-20

 

Medium
Cipher block chaining
  • This exercise details how to tamper with data encrypted using CBC
  • 2 videos
  • Completed by 2824 students
  • Takes 1-2 Hrs. on average
  • PHP
  • Crypto

 

Medium
Play Session Injection
  • This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism
  • 2 videos
  • Completed by 2800 students
  • Takes < 1 Hr. on average
  • Java/Play

 

Medium
Play XML Entities
  • This exercise covers the exploitation of XML entities in the Play framework
  • 1 video
  • Completed by 2182 students
  • Takes 1-2 Hrs. on average
  • Java/Play

 

Medium
JWT Algorithm Confusion
  • This exercise covers the exploitation of an issue with some implementations of JWT
  • 3 videos
  • Completed by 3630 students
  • Takes 1-2 Hrs. on average
  • PHP
  • jwt
  • cwe-310

 

Medium
Struts s2-045
  • This exercise covers a Remote Code Execution in Struts 2.
  • 1 video
  • Completed by 2683 students
  • Takes < 1 Hr. on average
  • Tomcat/Struts