Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable ..etc. Write-ups are welcome.

Just clone the git with git clone and move it to your web server and you are good to go.

Current Vulns

  • Blind RCE
  • XSSI
  • PHAR Deserialization
  • PHP Object Injection
  • PHP Object Injection via Cookies
  • PHP Object Injection (Object Reference)
  • SSRF
  • Variables variable

Download LKWA

Leave a Reply

Your email address will not be published. Required fields are marked *