Brown Badge
8
Exercises
0
Completed this badge
5
CPEs
Signing Oracle
This exercise covers how a signing oracle can be used to bypass authorization in place
Difficulty: EASY- 2 videos
- Completed by 66 students
- Takes Less than an hour on average
SSRF in PDF generation
This exercise covers how you can read abitrary files when an application generates pdf from a link you provide
Difficulty: EASY- Completed by 32 students
- Takes Less than an hour on average
JS Prototype Pollution Coming soon
This exercise covers how to exploit Prototype Pollution against a JavaScript application
Difficulty: EASY- Completed by 0 student
- Takes -- on average
JSON Web Encryption
This exercise covers how you can create your own JWE if you have access to the public key used by the se rver
Difficulty: EASY- 2 videos
- Completed by 36 students
- Takes Less than an hour on average
TBD Coming soon
TBD
Difficulty: EASY- Completed by 0 student
- Takes -- on average
Apache Pluto RCE
This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic
Difficulty: EASY- Completed by 18 students
- Takes Less than an hour on average
PHP phar://
This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
Difficulty: MEDIUM- 1 video
- Completed by 12 students
- Takes Less than an hour on average
Spring Actuators
This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
Difficulty: MEDIUM- Completed by 11 students
- Takes Between 1 and 2 hours on average