Hacktivity is a treasure trove of vulnerability data and tactics. You’ve got newly published reports from across the web, staple programs that believe in the power of defaulting to disclosure and transparency.
So we took five disclosed reports and partnered with HackEDU team to create sandbox environments available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered.
So here, in all their glory, are the hacktivity reports and their respective sandbox environments that you can hack hack hack til you drop drop drop.
Test your hacking skills in these 5
Highly wormable clickjacking in player card (Report #85624)
Reported to Twitter by @filedescriptor
Description: In this clickjacking example, it’s possible to set up an attack that can spread from user to user.
XXE in Site Audit function exposing file and directory contents (Report #312543)
Reported to SEMRush by @achapman
Description: This is an XML External Entity vulnerability where hackers can read arbitrary files from the server.
RCE by command line argument injection (Report #212696)
Reported to Imgur by @neex
Description: Get control of the server via a unique command injection.
SQL injection (Report #273946)
Reported to Grabtaxi by @jouku
Description: Track down and exploit a SQL injection vulnerability using sqlmap.
Stealing contact form data on hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP (Report #207042)
Reported to HackerOne by @fransrosen
Description: Work your way to a successful exploitation from this interesting XSS vulnerability.
Learn how to hack and level up your skills
It’s never been easier or funner to learn how to hack than it is today with HackerOne’s Hacker101 content and CTF. And it just got even better with these amazing sandbox training resources.
Let us know what you think and how you fair in the latest hacking challenge. Tweet about the hunt, and as always, happy hacking!