LKWA
Lesser-Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable ..etc. Write-ups are welcome.
Current Vulns
- Blind RCE
- XSSI
- PHAR Deserialization
- PHP Object Injection
- PHP Object Injection via Cookies
- PHP Object Injection (Object Reference)
- PHP Object Injection via Cookies
- SSRF
- Variables variable
Download
git clone https://github.com/weev3/LKWA.git
and move it to your web server
Source: https://github.com/weev3/
