Brown Badge

  • 8 Exercises
  • 0 Completed this badge
  • 5 CPEs

Signing Oracle

This exercise covers how a signing oracle can be used to bypass authorization in place

Difficulty: EASY
  • 2 videos
  • Completed by 66 students
  • Takes less than an hour on average

SSRF in PDF generation

This exercise covers how you can read arbitrary files when an application generates a PDF from a link you provide

Difficulty: EASY
  • Completed by 32 students
  • Takes less than an hour on average

JS Prototype Pollution (Coming soon)

This exercise covers how to exploit Prototype Pollution against a JavaScript application

Difficulty: EASY
  • Completed by 0 students
  • Takes -- on average

JSON Web Encryption

This exercise covers how you can create your own JWE if you have access to the public key used by the server

Difficulty: EASY
  • 2 videos
  • Completed by 36 students
  • Takes less than an hour on average

TBD (Coming soon)

TBD

Difficulty: EASY
  • Completed by 0 students
  • Takes -- on average

Apache Pluto RCE

This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic

Difficulty: EASY
  • Completed by 18 students
  • Takes less than an hour on average

PHP phar://

This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.

Difficulty: MEDIUM
  • 1 video
  • Completed by 12 students
  • Takes less than an hour on average

Spring Actuators

This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.

Difficulty: MEDIUM
  • Completed by 11 students
  • Takes between 1 and 2 hours on average