Welcome to VulnLab

A comprehensive vulnerable web application designed for security education and penetration testing practice.

Get Started Create Account

🔐 Authentication Flaws

Explore vulnerabilities in login, registration, OTP verification, and password reset mechanisms.

  • SQL Injection
  • Parameter Tampering
  • OTP Bypass & Reuse
  • Username Enumeration

🚫 Authorization Issues

Practice exploiting IDOR, privilege escalation, and missing access controls.

  • IDOR Vulnerabilities
  • Privilege Escalation
  • Horizontal/Vertical Access
  • Missing Function Controls

💉 Injection Attacks

Test SQL injection, command injection, and file inclusion vulnerabilities.

  • SQL Injection
  • Command Injection
  • LFI & RFI
  • Header Injection

🎭 Cross-Site Scripting

Discover reflected, stored, and SVG-based XSS vulnerabilities.

  • Reflected XSS
  • Stored XSS
  • SVG XSS
  • DOM-based XSS

🔑 JWT Vulnerabilities

Exploit weak JWT implementations and algorithm confusion.

  • None Algorithm
  • Weak Secret Keys
  • Token Manipulation
  • Algorithm Confusion

🍪 Session & Cookie Flaws

Manipulate sessions, hijack cookies, and exploit session fixation.

  • Session Hijacking
  • Cookie Manipulation
  • Session Fixation
  • Predictable Session IDs

📚 Learning Resources

This application is designed for educational purposes. Use it to: