Brown Badge

  • 8 Exercises
  • 0 Completed this badge
  • 5 CPEs

Signing Oracle

This exercise covers how a signing oracle can be used to bypass the authorization in place

Difficulty: EASY
  • 2 videos
  • Completed by 91 students
  • Takes Less than an hour on average

SSRF in PDF generation

This exercise covers how you can read arbitrary files when an application generates a PDF from a link you provide

Difficulty: EASY
  • 1 video
  • Completed by 73 students
  • Takes Less than an hour on average

JS Prototype Pollution

This exercise covers how to exploit Prototype Pollution against a JavaScript application

Difficulty: EASY
  • 1 video
  • Completed by 37 students
  • Takes Less than an hour on average

JSON Web Encryption

This exercise covers how you can create your own JWE if you have access to the public key used by the server

Difficulty: EASY
  • 2 videos
  • Completed by 50 students
  • Takes Less than an hour on average

TBD Coming soon

TBD

Difficulty: EASY
  • Completed by 0 students
  • Takes -- on average

Apache Pluto RCE

This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic

Difficulty: EASY
  • 1 video
  • Completed by 32 students
  • Takes Less than an hour on average

PHP phar://

This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.

Difficulty: MEDIUM
  • 1 video
  • Completed by 22 students
  • Takes Less than an hour on average

Spring Actuators

This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.

Difficulty: MEDIUM
  • Completed by 15 students
  • Takes Between 1 and 2 hours on average