Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier |
|---|---|---|---|---|
| CVE-2021-33564 Argument Injection in Ruby Dragonfly<br>This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS | < 1 Hr. | | 149 | PRO |
| CVE-2021-45xx9<br>This challenge covers a vulnerable snippet in a real Python application | < 1 Hr. | | 687 | PRO |
| Mongo IDOR II<br>This challenge covers how to recover a Mongo ID to leverage an IDOR | < 1 Hr. | | 304 | PRO |
| PHP Snippet #07<br>This challenge covers the review of a snippet of code written in PHP | < 1 Hr. | | 1603 | PRO |
| PHP Snippet #08<br>This challenge covers the review of a snippet of code written in PHP | < 1 Hr. | | 1535 | PRO |
| PHP Snippet #09<br>This challenge covers the review of a snippet of code written in PHP | < 1 Hr. | | 1411 | PRO |
| Python Snippet #03<br>This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1803 | PRO |
| Python Snippet #04<br>This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1551 | PRO |
| Python Snippet #05<br>This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1730 | PRO |
| CVE-2021-39x3x<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 564 | PRO |
| CVE-2022-21724: JDBC RCE PostgreSQL<br>This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL | < 1 Hr. | | 180 | PRO |
| Java Snippet #05<br>This challenge covers the review of a snippet of code written in Java | < 1 Hr. | | 1367 | PRO |
| Java Snippet #04<br>This challenge covers the review of a snippet of code written in Java | < 1 Hr. | | 1485 | PRO |
| Ox Remote Code Execution II<br>This exercise covers how you can gain code execution when an application is using Ox to deserialize data and is running on Ruby 2.7 | 2-4 Hr. | | 37 | PRO |
| CVE-2009-3x8x<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 699 | PRO |
| HTTP 43<br>This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2543 | PRO |
| HTTP 41<br>This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2607 | PRO |
| HTTP 42<br>This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2630 | PRO |
| CVE-2021-381xx<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 654 | PRO |
| H2 RCE<br>This challenge covers how to gain code execution by leveraging an H2 database in a Java application | < 1 Hr. | | 130 | PRO |
| TypeScript Snippet #06<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1110 | PRO |
| TypeScript Snippet #09<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1149 | PRO |
| TypeScript Snippet #08<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1126 | PRO |
| TypeScript Snippet #07<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1055 | PRO |
| TypeScript Snippet #05<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1245 | PRO |
| TypeScript Snippet #04<br>This challenge covers the review of a snippet of code written in TypeScript | < 1 Hr. | | 1221 | PRO |
| CVE-2008-4x9x<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 641 | PRO |
| Log4j RCE II<br>This exercise is one of our challenges to help you learn Java Serialisation exploitation | 1-2 Hr. | | 173 | PRO |
| Log4j RCE<br>This challenge covers the latest RCE in Log4j | 1-2 Hr. | | 296 | PRO |
| CVE-2021-4379x<br>This challenge covers the review of a CVE and its patch | < 1 Hr. | | 731 | PRO |

Showing 241–270 of 692 exercises