Cylab Play - Vulnerable Apps

Cylab Play is a collection of vulnerable applications that can be used to illustrate and experiment with different kinds of vulnerabilities.

SQL GET Injection

A web application that can be hacked using a SQL injection attack. The app uses a MySQL database, and parameters are sent in a GET request.

SQL Injection

A web application that can be hacked using a SQL injection attack. The app uses a MySQL database.

SQLite Injection

A web application that can be hacked using a SQL injection attack. The app uses a SQLite database.

Brute Force

A web application that can be hacked using a brute force attack.

Upload

A vulnerable web application suffering from unrestricted file upload.


Blog

Web shells and the dangers of unrestricted file upload

In previous blog posts, we have already illustrated two web application vulnerabilities: brute force login cracking and SQL injection. In this post we illustrate a third vulnerability, unrestricted file upload, and show how it can be exploited using a web shell.

Crack a login page: the easy way

In this blog post, we will show that the login page of a web application can be easily cracked if the application does not implement specific protections against this kind of attack.

SQL injection with SQLMap

Code injection is one of the most critical web application vulnerabilities. Indeed, the consequences of code injection can be dramatic (impact). Moreover, many web applications are still vulnerable to code injection today (frequency). Finally, tools like SQLMap make it possible to automatically detect and exploit these vulnerabilities (exploitation). For these reasons, the vulnerability is listed in the top 10 published by the Open Web Application Security Project (OWASP) [1]. In this blog post, we will present one type of code injection, called SQL injection, and we will show how to perform a SQL injection attack with SQLMap.