Media Badge

22 Videos
18 Exercises

Exercises

Easy image for SSRF in PDF generation

SSRF in PDF generation

  • This exercise covers how you can read arbitrary files when an application generates a PDF from a link you provide
  • 1 video
  • Completed by 757 students
  • Takes < 1 Hr. on average

 

Coming soon
Easy image for ODF XXE

ODF XXE

  • This exercise covers the exploitation of an XXE in an ODF Parser
  • Takes -- on average

 

Easy image for XSL PHP

XSL PHP

  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 193 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94, CWE-306

 

Easy image for XSL PHP II

XSL PHP II

  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 163 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94

 

Easy image for DOMPDF RCE

DOMPDF RCE

  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 2 videos
  • Completed by 92 students
  • Takes < 1 Hr. on average
  • PHP

 

Easy image for CVE-2022-39224

CVE-2022-39224

  • This exercise covers the exploitation of CVE-2022-39224
  • 1 video
  • Completed by 47 students
  • Takes 2-4 Hrs. on average
  • Ruby
  • CWE-78

 

Medium image for XSL PHP III

XSL PHP III

  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 115 students
  • Takes < 1 Hr. on average
  • PHP
  • CWE-94

 

Medium image for XSL PHP IV

XSL PHP IV

  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 91 students
  • Takes 2-4 Hrs. on average
  • PHP
  • CWE-94

 

Medium image for DOMPDF RCE II

DOMPDF RCE II

  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 3 videos
  • Completed by 34 students
  • Takes 2-4 Hrs. on average
  • PHP

 

Medium image for XSL Java

XSL Java

  • This exercise covers the exploitation of a Java application using XSL
  • 2 videos
  • Completed by 65 students
  • Takes < 1 Hr. on average
  • Java

 

Medium image for DOMPDF RCE III

DOMPDF RCE III

  • This exercise covers the exploitation of a vulnerability in the DOMPDF library
  • 2 videos
  • Completed by 19 students
  • Takes 2-4 Hrs. on average
  • PHP

 

Medium image for SSRF via FFMPEG

SSRF via FFMPEG

  • This exercise covers how you can read arbitrary files when an application uses ffmpeg to render videos from a video you provide
  • Completed by 199 students
  • Takes 1-2 Hrs. on average
  • Ruby/FFMpeg
  • CWE-918

 

Medium image for CVE-2021-22204: Exiftool RCE II

CVE-2021-22204: Exiftool RCE II

  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • Completed by 41 students
  • Takes < 1 Hr. on average
  • CWE-94, CWE-74

 

Medium image for CVE-2021-33564 Argument Injection in Ruby Dragonfly

CVE-2021-33564 Argument Injection in Ruby Dragonfly

  • This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
  • Completed by 98 students
  • Takes < 1 Hr. on average
  • CWE-88

 

Hard image for SSRF via FFMPEG II

SSRF via FFMPEG II

  • This exercise covers how you can read arbitrary files when an application uses ffmpeg to render videos from a video you provide
  • Completed by 98 students
  • Takes < 1 Hr. on average
  • Ruby/FFMpeg
  • CWE-918

 

Hard image for XSL PHP V

XSL PHP V

  • This exercise covers the exploitation of a PHP application using XSL
  • 2 videos
  • Completed by 68 students
  • Takes 1-2 Hrs. on average
  • PHP
  • CWE-94

 

Hard image for CVE-2021-22204: Exiftool RCE

CVE-2021-22204: Exiftool RCE

  • This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
  • 1 video
  • Completed by 136 students
  • Takes 1-2 Hrs. on average
  • CWE-74

 

Hard image for DOMPDF RCE IV

DOMPDF RCE IV

  • This exercise covers the automation of the exploitation of a vulnerability in the DOMPDF library
  • Completed by 8 students
  • Takes > 4 Hrs. on average
  • PHP