Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2022-X41X9
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. |  |
138 | PRO |
|
|
CVE-2023-30XX1
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
184 | PRO |
|
|
CVE-2023-2X8X1
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
177 | PRO |
|
SAML: PySAML2 SSRF
This exercise covers the exploitation of a SSRF in PySAML2
|
< 1 Hr. | |
251 | PRO |
|
|
CVE-2018-8x14
This challenge covers the review of a CVE in a Java codebase and its patch
|
2-4 Hr. | |
144 | PRO |
|
|
CVE-2014-X80X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
172 | PRO |
|
SAML: CVE-2021-21239
This exercise covers the exploitation of CVE-2021-21239 (PySAML2)
|
1-2 Hr. | |
117 | PRO |
|
SAML: Malicious IDP
This exercise covers the creation of a malicious IDP to forge an assertion
|
2-4 Hr. | |
59 | PRO |
|
|
SAML: Signature Wrapping III
This exercise covers the exploitation of a Signature Wrapping Issue in passport-saml (CVE-2022-39299)
|
1-2 Hr. | |
173 | PRO |
|
|
XSL Java
This exercise covers the exploitation of a Java application using XSL
|
< 1 Hr. | |
125 | PRO |
|
|
DOMPDF RCE III
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
2-4 Hr. | |
58 | PRO |
|
API Payments 07
This exercise covers a way to manipulate a shopping cart to lower the total amount
|
< 1 Hr. | |
897 | PRO |
|
|
CVE-2021-22204: Exiftool RCE II
This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
|
< 1 Hr. | |
82 | PRO |
|
|
XSL PHP IV
This exercise covers the exploitation of a PHP application using XSL
|
2-4 Hr. | |
150 | PRO |
|
|
API Payments 06
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
931 | PRO |
|
|
CVE-2022-39224
This exercise covers the exploitation of CVE-2022-39224
|
2-4 Hr. | |
98 | PRO |
|
|
XSL PHP III
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
170 | PRO |
|
|
DOMPDF RCE II
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
2-4 Hr. | |
74 | PRO |
|
|
DOMPDF RCE
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
< 1 Hr. | |
156 | PRO |
|
|
XSL PHP II
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
234 | PRO |
|
|
API Payments 04
This exercise covers how to abuse a shopping cart allowing users to apply a voucher..
|
< 1 Hr. | |
1189 | PRO |
|
|
XSL PHP
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
275 | PRO |
|
|
API Payments 03
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
1296 | PRO |
|
|
CVE-2020-13xxx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
567 | PRO |
|
|
Code Review 18
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
324 | PRO |
|
|
API Payments 02
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
1460 | PRO |
|
|
GCM Nonce Reuse
This challenge covers the impact of nonce reuse on GCM
|
< 1 Hr. | |
174 | PRO |
|
|
CVE-2019-5x2x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
521 | PRO |
|
|
Java Snippet #09
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1263 | PRO |
|
|
CVE-2022-26xx9
This challenge covers a vulnerable snippet in a real Java application
|
< 1 Hr. | |
601 | PRO |
Showing 31–60 of 250 exercises
Free Labs of the Month
