Hacking Headlines

Hacking Headlines

Learn about code vulnerability, why it happens, and how to eliminate it

Select a tutorial and start sharpening your skills!

Start

This is a free version.

Pwnkit

Known as CVE-2021-4034, Polkit was vulnerable to Local Privilege Escalation (LPE), meaning a non-privileged user can achieve root permissions. Play and Learn...

5-8 MIN

Pwnkit

Zabbix

In this interactive tutorial, you will learn about Zabbix Improper Session Handling (known as CVE-2022-23131). What is it, what was the vulnerability found and how was fixed. Play and learn…

5-8 MIN

Zabbix

Vert.X XXE

Vert.x-Web is a tool-kit for writing sophisticated modern web applications and HTTP microservices. In this interactive tutorial, we will demonstrate a recent XXE vulnerability found in Vert.x-web. Play and Learn...

5-8 MIN

Vert.X XXE

Flask Panel XSS

Flask-Admin is an extension of a python Flask framework. It lets users add admin interfaces to Flask applications. In this interactive tutorial, we will demonstrate a recent XSS vulnerability found in the Flask-Admin. Play and Learn...

5-8 MIN

Flask Panel XSS

Apache Unomi

Apache Unomi is a Java open-source platform for managing customers and tracking their behavior. In this interactive tutorial, you will learn about Remote Code Execution vulnerabilities that have been found recently in Apache Unomi. Play and Learn...

5-8 MIN

Apache Unomi

Mozilla-Bleach Mutation Cross-Site Scripting (mXSS)

Mozilla-Bleach is an HTML sanitizing library. After the sanitization process, the html code is processed by the browser. If the html code is malformed, the browser mutates the html, and after mutation, there is no sanitizer to make sure the html code doesn’t invoke scripts. In this interactive tutorial, you will learn how a sanitizer, which supposed to be a protection against XSS, might expose the application to mutation XSS.

5-8 MIN

Mozilla-Bleach Mutation Cross-Site Scripting (mXSS)

Cryptiles

Cryptiles is an npm package of crypto helper methods. In April 2019, this package was deprecated as a result of a security defect, a new package called @hapi/cryptiles was published and yet, the users kept downloading the deprecated version. In this interactive tutorial, you will learn about vulnerabilities that have been found in Cryptiles and what are the consequences of using a deprecated version. Play and Learn...

5-8 MIN

Cryptiles

eslint scope

ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. ECMAScript is a scripting-language specification standardized by Ecma International. eslint scope is the ECMAScript scope analyzer used in ESLint. In this interactive tutorial, you will learn how bad security habits of a developer could cause drastic consequences. Play and learn...

5-8 MIN

eslint scope

Pippo Deserialization

Pippo is an open source (Apache license) micro web framework in Java, with minimal dependencies and a quick learning curve. It is popular among the developers due to its ease of use. In this interactive tutorial, you will learn about a deserialization vulnerability that has been found recently in Pippo framework. Play and Learn...

5-8 MIN

Pippo Deserialization

Log4J

Some versions of Apache Log4j2 are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration which can execute remote code. Play and Learn...

5-8 MIN

Log4J