Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2013-0156: Rails Object Injection
This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.
|
< 1 Hr. |  |
4069 | PRO |
|
|
CVE-2016-0792
This exercise covers the exploitation of an Xstream vulnerability in Jenkins
|
< 1 Hr. | |
4880 | PRO |
|
|
CVE-2014-6271/Shellshock
This exercise covers the exploitation of a Bash vulnerability through a CGI.
|
< 1 Hr. |  |
9112 | FREE |
|
|
CVE-2007-1860: mod_jk double-decoding
This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
|
1-2 Hr. | |
6198 | FREE |
|
|
CVE-2012-6081: MoinMoin code execution
This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website
|
-- |  |
0 | FREE |
|
|
CVE-2008-1930: WordPress Cookie Integrity Flaw
This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.
|
< 1 Hr. | |
29 | FREE |
|
|
CVE-2012-2661: ActiveRecord SQL injection
This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database
|
-- | |
0 | FREE |
|
|
CVE-2012-1823: PHP CGI
This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.
|
-- | |
1 | FREE |
Showing 181–188 of 188 exercises
Free Labs of the Month
