Security Lab

Real vulnerabilities. Real attacks. Safe environment.

Brute Force

A brute force attack tries many passwords until one succeeds. Weak passwords are easy to guess, so protecting login forms is critical to stop attackers from gaining access.

Username

Attempts: 0

Current password: —

Status: Waiting for attack

Password list

123456
password
qwerty
letmein
admin123

SQL Injection

SQL injection allows malicious input to alter the database query. It matters because attackers can bypass filters and retrieve all records from the system.

Search users

SQL Query

SELECT * FROM users WHERE username = '';

Search results

No results yet.

XSS (Cross Site Scripting)

XSS injects script into a web page so it runs in another user's browser. It matters because it can hijack sessions and manipulate page content without server permission.

Comment

Command Injection

Command injection occurs when user input is run by the server shell. It matters because attackers can execute system commands and access sensitive server data.

Ping host

File Upload

Unsafe file upload handling lets attackers store executable files on the server. It matters because those files can be accessed and run later as if they were trusted content.