Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
Mongo IDOR
This challenge covers how to exploit an IDOR when Mongo IDs are used
|
< 1 Hr. |  |
1154 | PRO |
|
CVE-2008-5x8x_ii
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
544 | PRO |
|
|
Java Snippet #06
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1281 | PRO |
|
CVE-2022-21449
JWT
This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
|
< 1 Hr. | |
169 | PRO |
|
|
CVE-2021-33564 Argument Injection in Ruby Dragonfly
This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
|
< 1 Hr. | |
149 | PRO |
|
|
Mongo IDOR II
This challenge covers how to recover a Mongo ID to leverage an IDOR
|
< 1 Hr. | |
304 | PRO |
|
|
PHP Snippet #09
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1411 | PRO |
|
|
CVE-2022-21724: JDBC RCE PostgreSQL
This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL
|
< 1 Hr. | |
180 | PRO |
|
HTTP 43
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2543 | PRO |
|
|
HTTP 42
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2630 | PRO |
|
|
HTTP 41
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2607 | PRO |
|
|
CVE-2021-381xx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
654 | PRO |
|
|
TypeScript Snippet #05
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1245 | PRO |
|
|
TypeScript Snippet #09
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1149 | PRO |
|
API 08
This exercise covers how one can inspect HTTP responses to identify information leaks.
|
< 1 Hr. | |
1677 | PRO |
|
|
CVE-2021-4xx50
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
743 | PRO |
|
|
JDBC RCE
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
2-4 Hr. | |
65 | PRO |
|
|
TypeScript Snippet #03
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1309 | PRO |
|
|
Golang Snippet #12
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
1053 | PRO |
|
|
API 07
API
Angular
This exercise covers how one can inspect JavaScript code to identify information leak.
|
< 1 Hr. | |
1847 | PRO |
|
|
CVE-2021-40438
This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438
|
< 1 Hr. | |
341 | PRO |
|
|
CVE-2021-41773 II
This challenge covers how to gain code execution by leveraging CVE-2021-41773
|
1-2 Hr. | |
209 | PRO |
|
|
HTTP 36
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2874 | PRO |
|
|
HTTP 40
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2829 | PRO |
|
|
HTTP 38
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2833 | PRO |
|
|
HTTP 37
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2780 | PRO |
|
|
PHP Snippet #04
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1717 | PRO |
|
|
PHP Snippet #05
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1627 | PRO |
|
|
Java Snippet #02
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1667 | PRO |
|
|
PHP Snippet #02
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
2048 | PRO |
Showing 61–90 of 250 exercises
Free Labs of the Month
