Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2022-24720
This exercise covers how one can leverage image processing in ActiveStorage to gain command execution.
|
1-2 Hr. |  |
15 | PRO |
|
|
CVE-2024-47081 | < 1 Hr. | |
21 | PRO |
|
|
SAML: CVE-2021-21239
This exercise covers the exploitation of CVE-2021-21239 (PySAML2)
|
1-2 Hr. | |
117 | PRO |
|
|
CVE-2022-21449
JWT
This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
|
< 1 Hr. | |
169 | PRO |
|
|
CVE-2016-10033: PHPMailer RCE
This exercise covers a remote code execution vulnerability in PHPMailer
|
< 1 Hr. | |
3801 | PRO |
|
|
CVE-2016-2098
This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data
|
< 1 Hr. | |
3714 | PRO |
|
|
CVE-2015-3224
This exercise is a challenge written for Nullcon CTF in 2015
|
< 1 Hr. | |
1632 | PRO |
|
|
CVE-2013-0156: Rails Object Injection
This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.
|
< 1 Hr. | |
4022 | PRO |
|
|
CVE-2016-0792
This exercise covers the exploitation of an Xstream vulnerability in Jenkins
|
< 1 Hr. | |
4860 | PRO |
Showing 1–9 of 9 exercises
Free Labs of the Month
