Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier |
|---|---|---|---|---|
| CVE-2022-357X1<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 163 | PRO |
| CVE-2023-2X8X1<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 177 | PRO |
| CVE-2023-30XX1<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 184 | PRO |
| SAML: PySAML2 SSRF<br>This exercise covers the exploitation of an SSRF in PySAML2 | < 1 Hr. | | 251 | PRO |
| CVE-2022-378xx<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 364 | PRO |
| CVE-2022-x0x09<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 199 | PRO |
| CVE-2018-8x14<br>This challenge covers the review of a CVE in a Java codebase and its patch | 2-4 Hr. | | 144 | PRO |
| JWT Algorithm Confusion with ECDSA Public Key Recovery<br>This exercise covers the exploitation of algorithm confusion when no public key is available with an ECDSA key | 1-2 Hr. | | 38 | PRO |
| CVE-2022-458X1<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 207 | PRO |
| CVE-2014-X80X<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 172 | PRO |
| CVE-2015-3XX0<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 153 | PRO |
| SAML: CVE-2021-21239<br>This exercise covers the exploitation of CVE-2021-21239 (PySAML2) | 1-2 Hr. | | 117 | PRO |
| CVE-2023-2XX60<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 161 | PRO |
| CVE-2023-2XX61<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 170 | PRO |
| CVE-2022-393XX<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 166 | PRO |
| SAML: Malicious IDP<br>This exercise covers the creation of a malicious IDP to forge an assertion | 2-4 Hr. | | 59 | PRO |
| DOMPDF RCE IV<br>This exercise covers the automation of the exploitation of a vulnerability in the DOMPDF library | > 4 Hr. | | 27 | PRO |
| SAML: Signature Wrapping III<br>This exercise covers the exploitation of a Signature Wrapping Issue in passport-saml (CVE-2022-39299) | 1-2 Hr. | | 173 | PRO |
| XSL Java<br>This exercise covers the exploitation of a Java application using XSL | < 1 Hr. | | 125 | PRO |
| DOMPDF RCE III<br>This exercise covers the exploitation of a vulnerability in the DOMPDF library | 2-4 Hr. | | 58 | PRO |
| XSL PHP V<br>This exercise covers the exploitation of a PHP application using XSL | < 1 Hr. | | 117 | PRO |
| API Payments 07<br>This exercise covers a way to manipulate a shopping cart to lower the total amount | < 1 Hr. | | 897 | PRO |
| CVE-2021-22204: Exiftool RCE II<br>This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files | < 1 Hr. | | 82 | PRO |
| XSL PHP IV<br>This exercise covers the exploitation of a PHP application using XSL | 2-4 Hr. | | 150 | PRO |
| API Payments 06<br>This exercise covers a simple payments bypass. | < 1 Hr. | | 931 | PRO |
| CVE-2022-39224<br>This exercise covers the exploitation of CVE-2022-39224 | 2-4 Hr. | | 98 | PRO |
| XSL PHP III<br>This exercise covers the exploitation of a PHP application using XSL | < 1 Hr. | | 170 | PRO |
| DOMPDF RCE II<br>This exercise covers the exploitation of a vulnerability in the DOMPDF library | 2-4 Hr. | | 74 | PRO |
| DOMPDF RCE<br>This exercise covers the exploitation of a vulnerability in the DOMPDF library | < 1 Hr. | | 156 | PRO |
| API Payments 05<br>This exercise covers how to abuse a shopping cart allowing users to apply a voucher. | < 1 Hr. | | 888 | PRO |

Showing 181–210 of 692 exercises