Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
SSRF in PDF generation
This exercise covers how you can read arbitrary files when an application generates pdfs from provided links
|
< 1 Hr. |  |
918 | PRO |
|
OAuth2: Github HTTP HEAD
This exercise covers the exploitation of the HTTP HEAD issue impacting Github in 2019
|
< 1 Hr. |  |
463 | PRO |
|
SVG XSS
This exercise covers how to use an SVG to trigger a Cross-Site-Scripting
|
< 1 Hr. |  |
1883 | PRO |
|
Apache Pluto RCE
This exercise covers how to gain code execution on Apache Pluto 3.0.0 due to a flaw in the authorization logic
|
< 1 Hr. | |
557 | PRO |
|
JSON Cross-Site Request Forgery
This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used
|
< 1 Hr. | |
1505 | PRO |
|
|
Cross-Site Request Forgery
This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data
|
< 1 Hr. | |
1558 | PRO |
|
Code Review 02
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
632 | PRO |
|
|
postMessage() IV
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin and X-Frame-Options is used
|
< 1 Hr. | |
987 | PRO |
|
|
Code Review 01
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
907 | PRO |
|
|
Spring Actuators
This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
|
1-2 Hr. | |
297 | PRO |
|
|
postMessage() III
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting
|
< 1 Hr. | |
1004 | PRO |
|
|
postMessage() II
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin
|
< 1 Hr. | |
1111 | PRO |
|
|
PHP phar://
This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
|
< 1 Hr. | |
361 | PRO |
|
|
Signing Oracle
This exercise covers how a signing oracle can be used to bypass authorization in place
|
< 1 Hr. | |
851 | PRO |
|
|
Length Extension Attack
This exercise covers how to use a length extension attack to exploit a directory traversal vulnerability
|
1-2 Hr. | |
774 | PRO |
|
|
JSON Web Encryption
This exercise covers how you can create your own JWE if you have access to the public key used by the server
|
< 1 Hr. | |
545 | PRO |
|
|
postMessage()
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information
|
< 1 Hr. | |
1269 | PRO |
|
|
CVE-2019-5418
This exercise details the exploitation of CVE-2019-5418 to get code execution
|
1-2 Hr. | |
515 | PRO |
|
|
Cross-Site WebSocket Hijacking
This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information
|
< 1 Hr. | |
1113 | PRO |
|
|
JWT XII
JWT
This exercise covers how to use the x5u header to bypass an authentication based on JWT.
|
1-2 Hr. | |
697 | PRO |
|
|
Cross-Origin Resource Sharing II
This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.
|
< 1 Hr. | |
1064 | PRO |
|
|
JWT XI
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
1-2 Hr. | |
690 | PRO |
|
|
cve-2019-5420 II
This exercise details the exploitation of CVE-2019-5420 to gain code execution
|
1-2 Hr. | |
575 | PRO |
|
|
OAuth2: Client OpenRedirect
This exercise covers the exploitation of an OpenRedirect in an OAuth2 Client
|
< 1 Hr. | |
845 | PRO |
|
|
CVE-2019-5420
This exercise details the exploitation of CVE-2019-5420 to forge a session as another user
|
2-4 Hr. | |
924 | PRO |
|
|
JWT X
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
< 1 Hr. | |
785 | PRO |
|
|
GraphQL: SQL Injection
This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.
|
1-2 Hr. | |
1486 | PRO |
|
|
OAuth2: Authorization Server OpenRedirect
This exercise covers the exploitation of an OpenRedirect in an OAuth2 Authorization Server
|
< 1 Hr. | |
957 | PRO |
|
|
JWT IX
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
< 1 Hr. | |
911 | PRO |
|
|
Gogs RCE II
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
< 1 Hr. | |
611 | PRO |
Showing 481–510 of 722 exercises
Free Labs of the Month
