Lab 5 - Directory Traversal - File path traversal, validation of start of path Lab Objective: This lab contains a path traversal vulnerability in the display of product images. The application ...

Lab 4 - Directory Traversal - File path traversal, traversal sequences stripped with superfluous URL-decode Lab Objective: This lab contains a path traversal vulnerability in the display of pro...

Lab 3 - Directory Traversal - File path traversal, traversal sequences stripped non-recursively Lab Objective: This lab contains a path traversal vulnerability in the display of product images....

Lab 2 - Directory Traversal - File path traversal, traversal sequences blocked with absolute path bypass Lab Objective: This lab contains a path traversal vulnerability in the display of produc...

Lab 1 - Directory Traversal - Simple Case Lab Objective: This lab contains a path traversal vulnerability in the display of product images. To solve the lab, retrieve the contents of the /etc/p...

Introduction Directory traversal or also known as file path traversal is a vulnerability that allows an attacker to read files on the server that is running the application. Reference: Rana K...

Authentication Mystery Labs Checklist There are two types of authentication methods we will examine. The first involves using credentials, where we will test default credentials. The second invo...

Lab 14 - 2FA bypass using a brute-force attack Lab Objective: This lab’s two-factor authentication is vulnerable to brute-forcing. You have already obtained a valid username and password, but d...

Lab 13 - Broken brute-force protection, multiple credentials per request Lab Objective: This lab is vulnerable due to a logic flaw in its brute-force protection. To solve the lab, brute-force C...

Lab 12 - Password brute-force via password change Lab Objective: This lab’s password change functionality makes it vulnerable to brute-force attacks. To solve the lab, use the list of candidate...