Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
Mongo IDOR IV | 2-4 Hr. |  |
88 | PRO |
|
|
Mongo IDOR III | < 1 Hr. |  |
200 | PRO |
|
CVE-2024-X5X87
This challenge covers the review of a CVE in a go codebase and its patch
|
-- | |
82 | PRO |
|
API JWT REVOCATION
JWT
This exercise covers how to bypass a weak JWT Revocation Mechanism.
|
< 1 Hr. |  |
413 | PRO |
|
|
CVE-2022-XX975
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
87 | PRO |
|
|
Puzzle 06
Leverage a weak implementation of lowercase to access arbitrary files
|
< 1 Hr. | |
20 | PRO |
|
|
Puzzle 07
Leverage a weak implementation of lowercase to access arbitrary files
|
1-2 Hr. | |
20 | PRO |
|
|
API 18
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
497 | PRO |
|
|
API 19
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
486 | PRO |
|
|
API 20
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
466 | PRO |
|
|
API 16
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
438 | PRO |
|
|
API 17
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
408 | PRO |
|
|
GraphQL Authorization 01
This exercise covers a simple authorization issue in a GraphQL application.
|
< 1 Hr. | |
375 | PRO |
|
|
GraphQL Authorization 02
This exercise covers a simple authorization issue in a GraphQL application.
|
< 1 Hr. | |
386 | PRO |
|
|
Golang Code Review #03
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
133 | PRO |
|
|
Golang Code Review #01
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
173 | PRO |
|
|
CVE-2024-X90X6
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
110 | PRO |
|
|
CVE-2022-X10X8
This challenge covers the review of a CVE in a Golang codebase and its patch
|
1-2 Hr. | |
131 | PRO |
|
|
CVE-2022-2X8XX
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
144 | PRO |
|
|
ORM LEAK: SQLite
This exercise covers how to exploit an ORM leak vulnerability
|
1-2 Hr. | |
121 | PRO |
|
|
CVE-2024-2791X
This challenge covers the review of a CVE in a Golang codebase and its patch
|
2-4 Hr. | |
98 | PRO |
|
|
CVE-2023-51XX2
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
112 | PRO |
|
|
CVE-2022-X87X
This challenge covers the review of a CVE in a Golang codebase and its patch
|
-- | |
109 | PRO |
|
|
ORM LEAK 02
This exercise covers how to exploit an ORM leak vulnerability
|
< 1 Hr. | |
192 | PRO |
|
|
Puzzle 05
Authentication Bypass using an SQL injection without or 1=1
|
1-2 Hr. | |
34 | PRO |
|
|
CVE-2024-X3X06
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
94 | PRO |
|
|
CVE-2023-X5821
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
88 | PRO |
|
|
CVE-2022-2X24X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
205 | PRO |
|
|
CVE-2022-4x3x5
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
155 | PRO |
|
|
CVE-2023-3X4X6
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
182 | PRO |
Showing 91–120 of 713 exercises
Free Labs of the Month
