Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier |
|---|---|---|---|---|
| API Payments 01 (API). This exercise covers a simple payments bypass. | < 1 Hr. | | 2009 | PRO |
| CVE-2022-26xx9. This challenge covers a vulnerable snippet in a real Java application | < 1 Hr. | | 629 | PRO |
| Python Snippet #09. This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1825 | PRO |
| Python Snippet #08. This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1616 | PRO |
| Python Snippet #07. This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1696 | PRO |
| Mongo IDOR. This challenge covers how to exploit an IDOR when Mongo IDs are used | < 1 Hr. | | 1197 | PRO |
| CVE-2005-2x8x. This challenge covers the review of a CVE and its patch | < 1 Hr. | | 646 | PRO |
| CVE-2008-5x8x_ii. This challenge covers the review of a CVE and its patch | < 1 Hr. | | 649 | PRO |
| Golang Snippet #01. This challenge covers the review of a snippet of code written in Golang | < 1 Hr. | | 1808 | PRO |
| Java Snippet #06. This challenge covers the review of a snippet of code written in Java | < 1 Hr. | | 1425 | PRO |
| Python Snippet #06. This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1829 | PRO |
| CVE-2022-21449 (JWT). This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT | < 1 Hr. | | 183 | PRO |
| CVE-2021-33564 Argument Injection in Ruby Dragonfly. This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS | < 1 Hr. | | 151 | PRO |
| Mongo IDOR II. This challenge covers how to recover a Mongo ID to leverage an IDOR | < 1 Hr. | | 352 | PRO |
| CVE-2021-45xx9. This challenge covers a vulnerable snippet in a real Python application | < 1 Hr. | | 790 | PRO |
| PHP Snippet #09. This challenge covers the review of a snippet of code written in PHP | < 1 Hr. | | 1567 | PRO |
| PHP Snippet #08. This challenge covers the review of a snippet of code written in PHP | < 1 Hr. | | 1661 | PRO |
| PHP Snippet #07. This challenge covers the review of a snippet of code written in PHP | < 1 Hr. | | 1767 | PRO |
| Python Snippet #03. This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1872 | PRO |
| Python Snippet #04. This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1726 | PRO |
| Python Snippet #05. This challenge covers the review of a snippet of code written in Python | < 1 Hr. | | 1906 | PRO |
| CVE-2021-39x3x. This challenge covers the review of a CVE and its patch | < 1 Hr. | | 653 | PRO |
| CVE-2022-21724: JDBC RCE PostgreSQL. This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL | < 1 Hr. | | 194 | PRO |
| Java Snippet #04. This challenge covers the review of a snippet of code written in Java | < 1 Hr. | | 1666 | PRO |
| Java Snippet #05. This challenge covers the review of a snippet of code written in Java | < 1 Hr. | | 1525 | PRO |
| Ox Remote Code Execution II. This exercise covers how you can gain code execution when an application is using Ox to deserialize data and is running on Ruby 2.7 | 2-4 Hr. | | 40 | PRO |
| CVE-2009-3x8x. This challenge covers the review of a CVE and its patch | < 1 Hr. | | 806 | PRO |
| HTTP 43. This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2650 | PRO |
| HTTP 42. This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2743 | PRO |
| HTTP 41. This challenge covers how to send specific HTTP requests | < 1 Hr. | | 2717 | PRO |

Showing 271–300 of 734 exercises