Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier |
|---|---|---|---|---|
| API Payments 04<br>This exercise covers how to abuse a shopping cart allowing users to apply a voucher. | < 1 Hr. | | 1242 | PRO |
| XSL PHP<br>This exercise covers the exploitation of a PHP application using XSL | < 1 Hr. | | 285 | PRO |
| API Payments 03<br>This exercise covers a simple payments bypass. | < 1 Hr. | | 1351 | PRO |
| CVE-2020-13xxx<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 682 | PRO |
| Code Review 18<br>This exercise is one of our challenges to help you learn how to review real source code | 1-2 Hr. | | 396 | PRO |
| API Payments 02<br>This exercise covers a simple payments bypass. | < 1 Hr. | | 1516 | PRO |
| GCM Nonce Reuse<br>This challenge covers the impact of nonce reuse on GCM | < 1 Hr. | | 188 | PRO |
| CVE-2019-5x2x<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 625 | PRO |
| Java Snippet #09<br>This challenge covers the review of a snippet of code written in Java | < 1 Hr. | | 1402 | PRO |
| CVE-2022-26xx9<br>This challenge covers a vulnerable snippet in a real Java application | < 1 Hr. | | 635 | PRO |
| Mongo IDOR<br>This challenge covers how to exploit an IDOR when Mongo IDs are used | < 1 Hr. | | 1200 | PRO |
| CVE-2008-5x8x_ii<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 653 | PRO |
| Java Snippet #06<br>This challenge covers the review of a snippet of code written in Java | < 1 Hr. | | 1428 | PRO |
| CVE-2022-21449 (JWT)<br>This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT | < 1 Hr. | | 185 | PRO |
| CVE-2021-33564 Argument Injection in Ruby Dragonfly<br>This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS | < 1 Hr. | | 152 | PRO |
| Mongo IDOR II<br>This challenge covers how to recover a Mongo ID to leverage an IDOR | < 1 Hr. | | 355 | PRO |
| PHP Snippet #09<br>This challenge covers the review of a snippet of code written in PHP | < 1 Hr. | | 1569 | PRO |
| CVE-2022-21724: JDBC RCE PostgreSQL<br>This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL | < 1 Hr. | | 196 | PRO |
| HTTP 41<br>This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2719 | PRO |
| HTTP 43<br>This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2651 | PRO |
| HTTP 42<br>This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2746 | PRO |
| CVE-2021-381xx<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 689 | PRO |
| TypeScript Snippet #05<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1308 | PRO |
| TypeScript Snippet #09<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1212 | PRO |
| API 08<br>This exercise covers how one can inspect HTTP responses to identify information leaks. | < 1 Hr. | | 1819 | PRO |
| CVE-2021-4xx50<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 844 | PRO |
| JDBC RCE<br>This exercise is one of our challenges to help you learn Java Serialisation exploitation | 2-4 Hr. | | 70 | PRO |
| Golang Snippet #12<br>This challenge covers the review of a snippet of code written in Golang | < 1 Hr. | | 1100 | PRO |
| TypeScript Snippet #03<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1368 | PRO |
| API 07 (API, Angular)<br>This exercise covers how one can inspect JavaScript code to identify information leaks. | < 1 Hr. | | 1913 | PRO |

Showing 61–90 of 260 exercises