Cyber lab demo: web application hacking — 6point6


Last year we built an example vulnerable website, as a way of demonstrating the process of exploiting some example vulnerabilities. We’ve done the demo a few times to different audiences, most recently for one of our own teams, so we took advantage of Zoom’s recording feature.


  • Part I demonstrates exploiting a Local File Inclusion vulnerability.
  • Part II (33m49s) is a phishing/Cross-Site Request Forgery vulnerability.
  • Part III (44m12s) is a session hijacking demo.

The Demo

For our latest research, and for links and comments on other research, follow our Lab on Twitter.

Alternatively, get in touch if you’d like to chat to us.

Originally published at



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Leading with strategy, design and architecture, we connect cloud, data, and cyber to engineer and deliver large-scale, complex transformations.