White Badge
The white badge is our first and easiest badge. It covers a wide range of web vulnerabilities to give people a view of what kind of issues can be found in web application. We usually recommend to start with this badge.
6
2688
5
CVE-2014-6271/Shellshock
This exercise covers the exploitation of a Bash vulnerability through a CGI.
Difficulty: EASY- 1 video
- CGI/Apache/Bash
- Completed by 4657 students
- Takes Less than an hour on average
JSON Web Token
This exercise covers the exploitation of a signature weakness in a JWT library.
Difficulty: EASY- 2 videos
- PHP/Apache/Mysql
- Completed by 4909 students
- Takes Less than an hour on average
From SQL Injection to Shell
This exercise explains how you can, from a SQL injection, gain access to the administration console, then in the administration console, how you can run commands on the system.
Difficulty: EASY- 1 video
- PHP/Apache/Mysql
- Completed by 4190 students
- Takes Less than an hour on average
CVE-2007-1860: mod_jk double-decoding
This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to unaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
Difficulty: EASY- 2 videos
- Tomcat/Apache
- Completed by 3119 students
- Takes Between 1 and 2 hours on average
Pickle Code Execution
This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
Difficulty: EASY- 2 videos
- Python
- Completed by 3215 students
- Takes Less than an hour on average
Electronic Code Book
This exercise explains how you can tamper with an encrypted cookies to access another user's account.
Difficulty: MEDIUM- 2 videos
- PHP/Apache
- Completed by 2977 students
- Takes Between 1 and 2 hours on average