This lab is created to demonstrate pass-the-hash, 2nd order SQL injection and type juggling vulnerabilities

This lab is created to demonstrate pass-the-hash, blind SQL and SSTI vulnerabilities

Your goal

Do a source code review to find the following vulnerabilities and log in to the admin's account.

And get a reverse shell.

You can email me the walkthrough of your findings and scripts for exploiting.

email id:

Difficulty level - Intermediate


unzip the in /var/www/html/

Configuration in config.php

Replace the MySQL credentials with your own credentials

   define('DB_SERVER', 'localhost');
   define('DB_USERNAME', 'root');
   define('DB_PASSWORD', 'toor');
   define('DB_DATABASE', 'trouble1');

Set up the database

root@kali:/var/www/html# service mysql start
root@kali:/var/www/html# mysql -u root -p -e "create database trouble1"
root@kali:/var/www/html# mysql -u root -p trouble1 < lab.sql

Contact me on Twitter for any help