Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable ..etc. Write-ups are welcome.
Installation
Just clone the git with
git clone https://github.com/weev3/LKWA and move it to your web server and you are good to go.Current Vulns
- Blind RCE
- XSSI
- PHAR Deserialization
- PHP Object Injection
- PHP Object Injection via Cookies
- PHP Object Injection (Object Reference)
- SSRF
- Variables variable