Skip to content
#

os-command-injection

Here are 21 public repositories matching this topic...

Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

  • Updated Dec 15, 2023
  • PHP

This repository is a Dockerized php application containing a LFI (Local File Inclusion) vulnerability which can lead to RCE (Remote Code Execution).

  • Updated Jun 16, 2022
  • PHP

A deliberately vulnerable web application for security training and CTF practice. Built with Node.js, Express & MySQL. Covers OS Command Injection, SQL Injection, XSS (GET/POST), CSRF (GET/POST), and SSRF — each with an interactive demo page.

  • Updated Jun 21, 2026
  • HTML

Professional write-up and technical documentation for the "Blind OS Command Injection with Time Delays" lab from PortSwigger Web Security Academy. This repository explains the vulnerability, root cause, exploitation methodology, security impact, remediation recommendations, and includes proof of successful lab completion for educational purposes.

  • Updated Jun 30, 2026

Improve this page

Add a description, image, and links to the os-command-injection topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the os-command-injection topic, visit your repo's landing page and select "manage topics."

Learn more