LKWA – Lesser Known Web Attack Lab

LKWA 1 lkwa

Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable ..etc. Write-ups are welcome.

Installation
Just clone the git with git clone https://github.com/weev3/LKWA and move it to your web server and you are good to go.

Current Vulns

  • Blind RCE
  • XSSI
  • PHAR Deserialization
  • PHP Object Injection
  • PHP Object Injection via Cookies
  • PHP Object Injection (Object Reference)
  • SSRF
  • Variables variable
Download LKWA
Original Source