small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns

This repository is a Dockerized php application containing a LFI (Local File Inclusion) vulnerability which can lead to RCE (Remote Code Execution).

A side note about LFI and Leaking the php source of some sites

Repositori ini berisi file-file vulnerable terhadap bug tertentu yang saya jadikan demo pada artikel yang saya tulis di abaykan.com

A vulnerable lab for understanding difference between LFI and File Retrieval

The main goal of VWA is to provide a hands-on experience for security rookies on vulnerable web applications available for practicing and learning, so that they can attack realistic web environments… without going to jail :)

practice your LFI skills with PHP wrappers

Dépôt des challenges que j'ai réalisés pour l'évènement CTF Hacky'Nov à Aix-en-Provence 2022.

Web application VAPT project demonstrating detection and mitigation of LFI/RFI vulnerabilities using OWASP ZAP, Kali Linux, and Metasploitable with OWASP-aligned secure coding defenses.

CTF challenge: A store of a company selling onigiri hiding its secret ingredient. A "thread to the ball" machine to uncover the store's secrets.