Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
| Web Fundamentals: Client-Side Code | -- | | 6 | PRO | |
| Web Fundamentals: Databases | -- | | 6 | PRO | |
| Web Fundamentals: Sessions | -- | | 5 | PRO | |
| Web Fundamentals: Server-Side Code | -- | | 6 | PRO | |
| JS Sandbox: static-eval Destructuring Parameter Bypass<br>This exercise covers bypassing static-eval parameter validation using destructured parameters (ObjectPattern). | < 1 Hr. | | 4 | PRO | |
| JS Sandbox: static-eval Direct Constructor Access<br>This exercise covers exploiting the original unpatched static-eval with unrestricted property access on functions. | < 1 Hr. | | 7 | PRO | |
| JS Sandbox: vm.runInNewContext Restricted Globals<br>This exercise covers escaping vm.runInNewContext when specific safe objects are provided but frozen, using Error objects or Promise callbacks. | < 1 Hr. | | 7 | PRO | |
| JS Sandbox: vm.runInNewContext Null Prototype<br>This exercise covers escaping vm.runInNewContext when the context is created with Object.create(null) so this.constructor is undefined. | < 1 Hr. | | 7 | PRO | |
| JS Sandbox: static-eval Function Property Blocked<br>This exercise covers bypassing post-2.0 static-eval that blocks member access on functions, using anonymous function bodies. | < 1 Hr. | | 8 | PRO | |
| CVE-2026-XX738<br>This challenge covers the review of a CVE in a Python codebase and its patch | < 1 Hr. | | 25 | PRO | |
| CVE-2026-XX242<br>This challenge covers the review of a CVE in a Python codebase and its patch | < 1 Hr. | | 24 | PRO | |
| Web Fundamentals: Introduction | < 1 Hr. | | 49 | PRO | |
| JS Sandbox: AST-Based Filtering<br>This exercise covers bypassing AST-based sandbox filtering using computed property access or Reflect.get(). | -- | | 11 | PRO | |
| JS Sandbox: Type Confusion Bypass<br>This exercise covers bypassing string sanitization by sending an object when the sanitizer expects a string. | -- | | 10 | PRO | |
| JS Sandbox: Regex Filter Bypass<br>This exercise covers bypassing regex filters with hex escapes, unicode escapes, or base64 decoding. | < 1 Hr. | | 12 | PRO | |
| JS Sandbox: vm.runInNewContext Empty Context<br>This exercise covers escaping Node.js vm.runInNewContext with an empty sandbox object via the constructor chain. | -- | | 9 | PRO | |
| CVE-2025-XXXXX<br>This challenge covers the review of a CVE in a JavaScript codebase and its patch | < 1 Hr. | | 25 | PRO | |
| CVE-2026-XX27<br>This challenge covers the review of a CVE in a JavaScript codebase and its patch | -- | | 30 | PRO | |
| CVE-2026-XX292<br>This challenge covers the review of a CVE in a TypeScript codebase and its patch | -- | | 33 | PRO | |
| CVE-2026-XX822<br>This challenge covers the review of a CVE in a TypeScript codebase and its patch | < 1 Hr. | | 34 | PRO | |
| CVE-2024-X7X95<br>This challenge covers the review of a CVE in a JavaScript codebase and its patch | < 1 Hr. | | 22 | PRO | |
| Web Fundamentals: Content Delivery Network | < 1 Hr. | | 56 | PRO | |
| Web Fundamentals: Virtual Hosts | < 1 Hr. | | 61 | PRO | |
| Web Fundamentals: HTTP | < 1 Hr. | | 76 | PRO | |
| Web Fundamentals: URL Parsing | < 1 Hr. | | 79 | PRO | |
| Web Fundamentals: Cookies | < 1 Hr. | | 69 | PRO | |
| Web Fundamentals: HTML | < 1 Hr. | | 74 | PRO | |
| Web Fundamentals: URL Encoding | < 1 Hr. | | 81 | PRO | |
| Web Fundamentals: HTML Forms | < 1 Hr. | | 66 | PRO | |
| Web Fundamentals: JSON | < 1 Hr. | | 62 | PRO | |

Showing 1–30 of 738 exercises