The yellow badge is our second set of exercises. It covers a wide range of web vulnerabilities to show the kinds of issues that can be found in web applications.

  • PHP
  • Completed by 424 students

CVE-2016-10033: PHPMailer RCE

This exercise covers a remote code execution vulnerability in PHPMailer.

  • Rails
  • Completed by 364 students

CVE-2016-2098

This exercise covers a remote code execution vulnerability in Ruby on Rails when using render on user-supplied data.

  • PHP
  • Completed by 225 students

Cipher block chaining

This exercise details how to tamper with data encrypted using CBC.

  • 1 video
  • Java/Play
  • Completed by 286 students

Play Session Injection

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism.

  • Java/Play
  • Completed by 203 students

Play XML Entities

This exercise covers the exploitation of XML entities in the Play framework.

  • PHP
  • Completed by 298 students

JSON Web Token II

This exercise covers the exploitation of an issue with some implementations of JWT.

  • Tomcat/Struts
  • Completed by 383 students

Struts s2-045

This exercise covers a remote code execution vulnerability in Struts 2.