Penetration Testing, Security Code Review and Web App Security Exercises

Free PRO CVE Easy Medium Hard XSS Code Review API SSRF HTTP RECON CSRF SQLi

Exercise	Avg. Time	Solved by	Tier
CVE-2026-24895: FrankenPHP Path Confusion RCE using Unicode	< 1 Hr.	20	PRO
Latex: --shell-escape This exercise covers how one can leverage latex when pdflatex is used with the --shell-escape option to gain command execution.	< 1 Hr.	53	PRO
CVE-2022-24720 This exercise covers how one can leverage image processing in ActiveStorage to gain command execution.	1-2 Hr.	36	PRO
CVE-2024-47081	< 1 Hr.	26	PRO
SAML: CVE-2025-25291 This exercise covers the exploitation of CVE-2025-25291 (impacting ruby-saml)	2-4 Hr.	18	PRO
SAML: CVE-2025-29775 Signed Metadata This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto) without XMLResponse	2-4 Hr.	14	PRO
SAML: CVE-2025-29775 This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto)	1-2 Hr.	21	PRO
JSON Web Token XV: CVE-2022-39227 JWT This exercise covers the exploitation of polyglot token against python_jwt (CVE-2022-39227)	< 1 Hr.	42	PRO
Cache Poisoning 01 This exercise details how to exploit an application vulnerable to cache poisoning	< 1 Hr.	140	PRO
Cache Deception 02 This exercise details how to exploit an application vulnerable to cache deception	< 1 Hr.	134	PRO
Cache Deception 01 This exercise details how to exploit an application vulnerable to cache deception	< 1 Hr.	158	PRO
SAML: PySAML2 SSRF This exercise covers the exploitation of a SSRF in PySAML2	< 1 Hr.	281	PRO
JWT Algorithm Confusion with ECDSA Public Key Recovery JWT This exercise covers the exploitation of algorithm confusion when no public key is available with a ECDSA key	1-2 Hr.	45	PRO
SAML: CVE-2021-21239 This exercise covers the exploitation of CVE-2021-21239 (PySAML2)	1-2 Hr.	131	PRO
SAML: Malicious IDP This exercise covers the creation of a malicious IDP to forge an assertion	2-4 Hr.	80	PRO
SAML: Signature Wrapping III This exercise covers the exploitation of a Signature Wrapping Issue in passport-saml (CVE-2022-39299)	1-2 Hr.	186	PRO
CVE-2022-21449 JWT This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT	< 1 Hr.	185	PRO
OAuth2: Authorization Server XSS II This exercise covers the exploitation of an XSS in an OAuth2 Authorization Server	< 1 Hr.	286	PRO
OAuth2: Authorization Server XSS This exercise covers the exploitation of an XSS in an OAuth2 Authorization Server	< 1 Hr.	399	PRO
JWT Algorithm Confusion with RSA Public Key Recovery JWT This exercise covers the exploitation of algorithm confusion when no public key is available	< 1 Hr.	221	PRO
SAML: Comment Injection II This exercise covers the exploitation of a comment injection vulnerability in SAML	< 1 Hr.	653	PRO
SAML: Signature Wrapping II This exercise covers how to use Signature Wrapping to become an arbitrary user	< 1 Hr.	497	PRO
SAML: Signature Wrapping This exercise covers how to use Signature Wrapping to become an arbitrary user	< 1 Hr.	601	PRO
SAML: SAMLResponse forwarding This exercise covers how to pass the SAMLResponse from one Service Provider to another	< 1 Hr.	536	PRO
OAuth2: State Fixation This exercise covers the exploitation of a state fixation in an OAuth2 Client	1-2 Hr.	420	PRO
OAuth2: Predictable State II This exercise covers the exploitation of a predictable state in an OAuth2 Client	1-2 Hr.	281	PRO
OAuth2: Predictable State This exercise covers the exploitation of a predictable state in an OAuth2 Client	2-4 Hr.	304	PRO
SAML: Trusted Embedded Key This exercise covers the exploitation of a Service Provider (SP) that doesn't check the certificate provided in the SAMLResponse	< 1 Hr.	539	PRO
SAML: Known Key This exercise covers the exploitation of a known key in SAML	1-2 Hr.	553	PRO
OAuth2: Client Server XSS This exercise covers the exploitation of a Cross-Site Scripting in an OAuth2 Client and Server	1-2 Hr.	382	PRO

‹ 1 2 3 4 ›

Showing 1–30 of 97 exercises