Home
Vulnerability
A1- Injection
SQL Injection
Sql Injection 1
Authentication Bypass
Blind SQLi 1
Union 2
XPath Injection
Login Bypass
XML Injection
External Entity
XSLT Injection
ORM Injection
A2- Broken Authentication & Session Management
UserName Enumeration
Brute Foce Login Page
Session ID in URL
Improper Authentication: Privilege Escalation
A3- XSS
Reflected(GET)
Challenge 1
Challenge 2
Challenge 3
Challenge 4
Flash Based
Challenge 1
Challenge 2
Stored XSS(Persistent)
A4-Insecure Direct Object References
Viewing Details
Modifying email ID
Download Document
A5-Security Misconfiguration
Setup Page not removed
Default Admin Credentials not changed
Error Handling
A6-Sensitive Data Exposure
Cleartext Transmission of Sensitive Information
Storing Login Credentials in Plain Text
Storing Login Credentials in Plain Text in a cookie
Hashed Credentials
A7- Missing Function Level Access Control
Challenge 1:Bypass Admin Login
Challenge 2: Add Page
Configure
Crawlers
A8- CSRF
CSRF 1(GET): Change Info
CSRF 2(POST): Change Password
A9- Using components with known vulnerabilities
Web Application using Spring Framework
A10. Unvalidated Redirect & Forward..
Open Redirect
Open Forward
Forum
LogIn
Register
Contact
Java Vulnerable Lab
Welcome to Java Vulnerable Lab !
A Deliberately vulnerable Web Application built on JAVA designed to teach Web Application Security.
Copyrights ©
Cyber Security & Privacy Foundation