Cyber lab demo: web application hacking — 6point6


Last year we built an example vulnerable website, as a way of demonstrating the process of exploiting some example vulnerabilities. We’ve done the demo a few times to different audiences, most recently for one of our own teams, so we took advantage of Zoom’s recording feature.


  • Part I demonstrates exploiting a Local File Inclusion vulnerability.
  • Part II (33m49s) is a phishing/Cross-Site Request Forgery vulnerability.
  • Part III (44m12s) is a session hijacking demo.

The Demo