Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
API Payments 04
This exercise covers how to abuse a shopping cart allowing users to apply a voucher..
|
< 1 Hr. |  |
1235 | PRO |
|
XSL PHP
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
284 | PRO |
|
|
API Payments 03
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
1342 | PRO |
|
CVE-2020-13xxx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
678 | PRO |
|
|
Code Review 18
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
394 | PRO |
|
|
API Payments 02
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
1508 | PRO |
|
|
GCM Nonce Reuse
This challenge covers the impact of nonce reuse on GCM
|
< 1 Hr. | |
186 | PRO |
|
|
CVE-2019-5x2x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
621 | PRO |
|
|
Java Snippet #09
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1398 | PRO |
|
|
CVE-2022-26xx9
This challenge covers a vulnerable snippet in a real Java application
|
< 1 Hr. | |
629 | PRO |
|
|
Mongo IDOR
This challenge covers how to exploit an IDOR when Mongo IDs are used
|
< 1 Hr. | |
1197 | PRO |
|
|
CVE-2008-5x8x_ii
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
649 | PRO |
|
|
Java Snippet #06
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1425 | PRO |
|
CVE-2022-21449
JWT
This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
|
< 1 Hr. | |
183 | PRO |
|
|
CVE-2021-33564 Argument Injection in Ruby Dragonfly
This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
|
< 1 Hr. | |
151 | PRO |
|
|
Mongo IDOR II
This challenge covers how to recover a Mongo ID to leverage an IDOR
|
< 1 Hr. | |
352 | PRO |
|
|
PHP Snippet #09
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1567 | PRO |
|
|
CVE-2022-21724: JDBC RCE PostgreSQL
This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL
|
< 1 Hr. | |
194 | PRO |
|
HTTP 41
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2717 | PRO |
|
|
HTTP 43
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2650 | PRO |
|
|
HTTP 42
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2743 | PRO |
|
|
CVE-2021-381xx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
684 | PRO |
|
|
TypeScript Snippet #05
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1308 | PRO |
|
|
TypeScript Snippet #09
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1211 | PRO |
|
|
API 08
This exercise covers how one can inspect HTTP responses to identify information leaks.
|
< 1 Hr. | |
1812 | PRO |
|
|
CVE-2021-4xx50
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
840 | PRO |
|
|
JDBC RCE
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
2-4 Hr. | |
68 | PRO |
|
|
Golang Snippet #12
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
1101 | PRO |
|
|
TypeScript Snippet #03
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1368 | PRO |
|
|
API 07
API
Angular
This exercise covers how one can inspect JavaScript code to identify information leak.
|
< 1 Hr. | |
1906 | PRO |
Showing 61–90 of 260 exercises
Free Labs of the Month
