Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
SAML: Comment Injection
This exercise covers the exploitation of a comment injection vulnerability in SAML
|
< 1 Hr. |  |
1742 | PRO |
|
From SQL injection to Shell III: PostgreSQL Edition
SQL Injection
This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript
|
2-4 Hr. | |
257 | PRO |
|
OAuth2: Client CSRF II
This exercise covers the exploitation of a CSRF in an OAuth2 Client
|
2-4 Hr. | |
499 | PRO |
|
XSS Include
XSS
This exercise covers how to use Cross-Site-Scripting Include to leak information
|
< 1 Hr. |  |
1378 | PRO |
|
|
OAuth2: Client CSRF
This exercise covers the exploitation of a CSRF in an OAuth2 Client
|
< 1 Hr. | |
977 | PRO |
|
|
OAuth2: Authorization Server CSRF
This exercise covers the exploitation of a CSRF in an OAuth2 Authorization Server
|
1-2 Hr. | |
1173 | PRO |
|
|
OAuth2: Github HTTP HEAD
This exercise covers the exploitation of the HTTP HEAD issue impacting Github in 2019
|
< 1 Hr. |  |
465 | PRO |
|
|
SVG XSS
This exercise covers how to use an SVG to trigger a Cross-Site-Scripting
|
< 1 Hr. | |
1896 | PRO |
|
|
postMessage() IV
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin and X-Frame-Options is used
|
< 1 Hr. | |
991 | PRO |
|
|
postMessage() III
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting
|
< 1 Hr. | |
1008 | PRO |
|
|
postMessage() II
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin
|
< 1 Hr. | |
1116 | PRO |
|
|
postMessage()
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information
|
< 1 Hr. | |
1274 | PRO |
|
|
Cross-Site WebSocket Hijacking
This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information
|
< 1 Hr. | |
1116 | PRO |
|
|
JWT XII
JWT
This exercise covers how to use the x5u header to bypass an authentication based on JWT.
|
1-2 Hr. | |
702 | PRO |
|
|
Cross-Origin Resource Sharing II
This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.
|
< 1 Hr. | |
1067 | PRO |
|
|
JWT XI
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
1-2 Hr. | |
695 | PRO |
|
|
OAuth2: Client OpenRedirect
This exercise covers the exploitation of an OpenRedirect in an OAuth2 Client
|
< 1 Hr. | |
849 | PRO |
|
|
JWT X
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
< 1 Hr. | |
790 | PRO |
|
|
GraphQL: SQL Injection
This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.
|
1-2 Hr. | |
1501 | PRO |
|
|
OAuth2: Authorization Server OpenRedirect
This exercise covers the exploitation of an OpenRedirect in an OAuth2 Authorization Server
|
< 1 Hr. | |
961 | PRO |
|
|
JWT IX
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
< 1 Hr. | |
918 | PRO |
|
Gogs RCE II
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
< 1 Hr. | |
616 | PRO |
|
|
JWT VIII
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
1-2 Hr. | |
995 | PRO |
|
|
SAML: Signature Stripping
This exercise covers the exploitation of a signature stripping vulnerability in SAML
|
< 1 Hr. | |
2137 | PRO |
|
|
GraphQL Introspection
This exercise covers how to use introspection to get access to additional information in GraphQL.
|
< 1 Hr. | |
2448 | PRO |
|
|
Gogs RCE
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
1-2 Hr. | |
689 | PRO |
|
|
Android 07
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
1493 | PRO |
|
|
Android 08
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
1416 | PRO |
|
|
Android 06
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
< 1 Hr. | |
1743 | PRO |
|
|
Android 05
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
2046 | PRO |
Showing 31–60 of 97 exercises
Free Labs of the Month
