## https://sploitus.com/exploit?id=1D2696A2-8C33-5878-869F-9FC45A3AA1D9
# Common Web Vulnerabilities: Reproduction and Fixing Practices

## Project Description

This repository records the reproduction of common Web vulnerabilities in local, authorized test environments (DVWA and Pikachu), together with an analysis of each vulnerability's mechanism, an assessment of its risk, and recommendations for fixing it. The tests are solely for security learning, understanding of vulnerabilities, and report-writing practice; they do not involve any real business systems, public-network targets, or unauthorized testing.

## Project Objectives

Through this project, common Web security vulnerabilities are systematically reproduced and documented in standardized reports, building the following skills:
* Understanding of Web vulnerability mechanisms;
* Packet capturing and request analysis using Burp Suite;
* Organization of reproduction evidence for vulnerabilities;
* Analysis of risk impacts;
* Writing of security repair recommendations;
* Awareness of delivering security service reports.

## Reproduction Environment

* Operating System: Windows
* Web Environment: Little Pi Panel (phpStudy) / PHP / MySQL
* Test Environments: DVWA, Pikachu
* Auxiliary Tools: Chrome, Burp Suite
* Testing Method: Local authorized test environment

## Completed Vulnerability Reports

| No. | Vulnerability Type | Test Environment | Report                                                                 |
| --- | ------------------- | --------------- | ------------------------------------------------------------------- |
| 01 | SQL Injection       | DVWA           | [01-sql-injection.md](reports/01-sql-injection.md)             |
| 02 | XSS                | DVWA           | [02-xss.md](reports/02-xss.md)                                 |
| 03 | File Upload Vulnerability | DVWA           | [03-file-upload.md](reports/03-file-upload.md)                 |
| 04 | Command Execution Vulnerability | DVWA | [04-command-injection.md](reports/04-command-injection.md)     |
| 05 | Directory Traversal / Arbitrary File Reading | DVWA | [05-directory-traversal.md](reports/05-directory-traversal.md) |
| 06 | Weak Password / Brute-force Attack | DVWA | [06-weak-password.md](reports/06-weak-password.md)             |
| 07 | Access Control Vulnerability (Privilege Escalation) | Pikachu | [07-access-control.md](reports/07-access-control.md)           |
| 08 | SSRF (Server-Side Request Forgery) | Pikachu | [08-ssrf.md](reports/08-ssrf.md)                               |

## Screenshot Evidence Directory

| Vulnerability Type | Screenshot Directory |
| ------------------- | ---------------------- |
| SQL Injection | `screenshots/sql-injection/` |
| XSS | `screenshots/xss/`                 |
| File Upload   | `screenshots/file-upload/`         |
| Command Execution   | `screenshots/command-injection/`   |
| Directory Traversal   | `screenshots/directory-traversal/` |
| Weak Password    | `screenshots/weak-password/`       |
| Access Control Vulnerability   | `screenshots/access-control/`      |
| SSRF   | `screenshots/ssrf/`                |

## Report Format

Each vulnerability report is organized according to the following structure:
1. Overview of the vulnerability
2. Mechanism of the vulnerability
3. Reproduction environment
4. Steps of reproduction
5. Results of vulnerability verification
6. Risk impact
7. Repair recommendations
8. Conclusion of re-testing

## Security Statement

This repository is used only for learning and building security skills in local, authorized test environments. All tests are conducted in legally authorized environments such as DVWA and Pikachu and do not involve real business systems, public-network targets, third-party systems, or unauthorized testing. Do not apply the testing methods in this project to environments you are not authorized to test.