Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2021-33564 Argument Injection in Ruby Dragonfly
This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
|
< 1 Hr. |  |
149 | PRO |
|
Mongo IDOR II
This challenge covers how to recover a Mongo ID to leverage an IDOR
|
< 1 Hr. | |
304 | PRO |
|
CVE-2021-45xx9
This challenge covers a vulnerable snippet in a real Python application
|
< 1 Hr. |  |
770 | PRO |
|
|
PHP Snippet #07
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1729 | PRO |
|
|
PHP Snippet #08
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. |  |
1625 | PRO |
|
|
PHP Snippet #09
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1531 | PRO |
|
|
Python Snippet #05
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1858 | PRO |
|
|
Python Snippet #04
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1684 | PRO |
|
|
Python Snippet #03
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1828 | PRO |
|
|
CVE-2021-39x3x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
632 | PRO |
|
|
CVE-2022-21724: JDBC RCE PostgreSQL
This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL
|
< 1 Hr. | |
180 | PRO |
|
|
Java Snippet #04
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1618 | PRO |
|
|
Java Snippet #05
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1486 | PRO |
|
|
Ox Remote Code Execution II
This exercise covers how you can gain code execution when an application is using Ox to deserialize data and is running on Ruby 2.7
|
2-4 Hr. | |
38 | PRO |
|
|
CVE-2009-3x8x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
790 | PRO |
|
HTTP 43
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2543 | PRO |
|
|
HTTP 42
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2630 | PRO |
|
|
HTTP 41
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2607 | PRO |
|
|
CVE-2021-381xx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
662 | PRO |
|
|
H2 RCE
This challenge covers how to gain code execution by leveraging an H2 database in a Java application
|
< 1 Hr. | |
130 | PRO |
|
|
TypeScript Snippet #09
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1171 | PRO |
|
|
TypeScript Snippet #08
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1146 | PRO |
|
|
TypeScript Snippet #07
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1078 | PRO |
|
|
TypeScript Snippet #06
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1133 | PRO |
|
|
TypeScript Snippet #05
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1268 | PRO |
|
|
TypeScript Snippet #04
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1241 | PRO |
|
|
CVE-2008-4x9x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
739 | PRO |
|
|
Log4j RCE II
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
1-2 Hr. | |
173 | PRO |
|
|
Log4j RCE
This challenge covers the latest RCE in Log4j
|
1-2 Hr. | |
296 | PRO |
|
|
CVE-2021-4379x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
738 | PRO |
Showing 271–300 of 722 exercises
Free Labs of the Month
