
PortSwigger - Business Logic Vulnerabilities - Lab 2
Lab 2 - High-level logic vulnerability Lab Objective: This lab doesn’t adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended pri...
Lab 1 - Excessive trust in client-side controls Lab Objective: This lab doesn’t adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unint...
Lab 3 - Blind OS command injection with output redirection Lab Objective: This lab contains a blind OS command injection vulnerability in the feedback function. The application executes a shell...
Lab 2 - Blind OS command injection with time delays Lab Objective: This lab contains a blind OS command injection vulnerability in the feedback function. The application executes a shell comman...
Lab 1 - OS Command Injection - Simple Case Lab Objective: This lab contains an OS command injection vulnerability in the product stock checker. The application executes a shell command containi...
Introduction OS Command Injection is a vulnerability that consists of an attacker executing commands on the host operating system via a vulnerable application. Reference: Rana Khalil Academy ...
1. Use basic directory traversal: ../../../../etc/passwd 2. Use absolute path: /etc/passwd 3. Use recursion: ..././..././..././..././etc/passwd 4. Use double URL encoding %25%32%65%25%32%65%2...
Lab 6 - Directory Traversal - File path traversal, validation of file extension with null byte bypass Lab Objective: This lab contains a path traversal vulnerability in the display of product i...
Lab 5 - Directory Traversal - File path traversal, validation of start of path Lab Objective: This lab contains a path traversal vulnerability in the display of product images. The application ...
Lab 4 - Directory Traversal - File path traversal, traversal sequences stripped with superfluous URL-decode Lab Objective: This lab contains a path traversal vulnerability in the display of pro...