Cyber lab demo: web application hacking — 6point6

1 min readJul 1, 2020


Last year we built an example vulnerable website, as a way of demonstrating the process of exploiting some example vulnerabilities. We’ve done the demo a few times to different audiences, most recently for one of our own teams, so we took advantage of Zoom’s recording feature.


  • Part I demonstrates exploiting a Local File Inclusion vulnerability.
  • Part II (33m49s) is a phishing/Cross-Site Request Forgery vulnerability.
  • Part III (44m12s) is a session hijacking demo.

The Demo

For our latest research, and for links and comments on other research, follow our Lab on Twitter.

Alternatively, get in touch if you’d like to chat to us.

Originally published at




Leading with strategy, design and architecture, we connect cloud, data, and cyber to engineer and deliver large-scale, complex transformations.