Cyber lab demo: web application hacking — 6point6

6point6
1 min readJul 1, 2020

--

Introduction

Last year we built an example vulnerable website, as a way of demonstrating the process of exploiting some example vulnerabilities. We’ve done the demo a few times to different audiences, most recently for one of our own teams, so we took advantage of Zoom’s recording feature.

Sections

  • Part I demonstrates exploiting a Local File Inclusion vulnerability.
  • Part II (33m49s) is a phishing/Cross-Site Request Forgery vulnerability.
  • Part III (44m12s) is a session hijacking demo.

The Demo

https://www.youtube.com/watch?v=_2spn6xTQjY

For our latest research, and for links and comments on other research, follow our Lab on Twitter.

Alternatively, get in touch if you’d like to chat to us.

Originally published at https://6point6.co.uk.

--

--

6point6

Leading with strategy, design and architecture, we connect cloud, data, and cyber to engineer and deliver large-scale, complex transformations.