Vulnerable Environments
Browse our collection of pre-built vulnerable environments for security research and education. Each environment is containerized with Docker and comes with detailed documentation.
40 Results in Framework
Next.js Middleware Authorization Bypass
Explore the Next.js Middleware Authorization Bypass vulnerability and learn how to exploit it.
Struts2 S2-067 Upload Path Traversal
Explore the Struts2 S2-067 Upload Path Traversal vulnerability and learn how to exploit it.
Struts2 S2-066 Upload Path Traversal
Explore the Struts2 S2-066 Upload Path Traversal vulnerability and learn how to exploit it.
Spring Security Authorization Bypass in RegexRequestMatcher
Explore the Spring Security Authorization Bypass in RegexRequestMatcher vulnerability and learn how to exploit it.
Django Trunc(kind) and Extract(lookup_name) SQL Injection
Explore the Django Trunc(kind) and Extract(lookup_name) SQL Injection vulnerability and learn how to exploit it.
Spring Framework Data Binding Remote Code Execution on JDK 9+
Explore the Spring Framework Data Binding Remote Code Execution on JDK 9+ vulnerability and learn how to exploit it.
Spring Cloud Function SpEL Expression Command Injection
Explore the Spring Cloud Function SpEL Expression Command Injection vulnerability and learn how to exploit it.
Spring Cloud Gateway Actuator API SpEL Expression Injection Command Execution
Explore the Spring Cloud Gateway Actuator API SpEL Expression Injection Command Execution vulnerability and learn how to exploit it.
Django QuerySet.order_by() SQL Injection
Explore the Django QuerySet.order_by() SQL Injection vulnerability and learn how to exploit it.
Laravel Ignition 2.5.1 Remote Code Execution
Explore the Laravel Ignition 2.5.1 Remote Code Execution vulnerability and learn how to exploit it.
Struts2 S2-061 Remote Command Execution
Explore the Struts2 S2-061 Remote Command Execution vulnerability and learn how to exploit it.
Struts2 S2-059 Remote Command Execution
Explore the Struts2 S2-059 Remote Command Execution vulnerability and learn how to exploit it.
S2-032 Remote Code Execution
Explore the S2-032 Remote Code Execution vulnerability and learn how to exploit it.
Django GIS functions and aggregates on Oracle SQL Injection
Explore the Django GIS functions and aggregates on Oracle SQL Injection vulnerability and learn how to exploit it.
S2-045 Remote Code Execution
Explore the S2-045 Remote Code Execution vulnerability and learn how to exploit it.
S2-046 Remote Code Execution
Explore the S2-046 Remote Code Execution vulnerability and learn how to exploit it.
Django JSONField/HStoreField SQL Injection
Explore the Django JSONField/HStoreField SQL Injection vulnerability and learn how to exploit it.
Ruby on Rails Path Traversal and Arbitrary File Read
Explore the Ruby on Rails Path Traversal and Arbitrary File Read vulnerability and learn how to exploit it.
Ruby on Rails Path Traversal
Explore the Ruby on Rails Path Traversal vulnerability and learn how to exploit it.
Struts2 S2-057 Remote Command Execution
Explore the Struts2 S2-057 Remote Command Execution vulnerability and learn how to exploit it.
Django < 2.0.8 Open Redirect in CommonMiddleware
Explore the Django < 2.0.8 Open Redirect in CommonMiddleware vulnerability and learn how to exploit it.
Spring Messaging Remote Command Execution
Explore the Spring Messaging Remote Command Execution vulnerability and learn how to exploit it.
Spring Data Commons Remote Command Execution
Explore the Spring Data Commons Remote Command Execution vulnerability and learn how to exploit it.
Spring WebFlow Remote Code Execution
Explore the Spring WebFlow Remote Code Execution vulnerability and learn how to exploit it.
Spring Data Rest Remote Command Execution
Explore the Spring Data Rest Remote Command Execution vulnerability and learn how to exploit it.
Spring Security Oauth2 Remote Command Execution
Explore the Spring Security Oauth2 Remote Command Execution vulnerability and learn how to exploit it.
S2-016 Remote Code Execution
Explore the S2-016 Remote Code Execution vulnerability and learn how to exploit it.
S2-053 Remote Code Execution
Explore the S2-053 Remote Code Execution vulnerability and learn how to exploit it.
S2-052 Remote Code Execution
Explore the S2-052 Remote Code Execution vulnerability and learn how to exploit it.
Django 500 Debug Page Cross-Site Scripting (XSS)
Explore the Django 500 Debug Page Cross-Site Scripting (XSS) vulnerability and learn how to exploit it.
S2-048 Remote Code Execution
Explore the S2-048 Remote Code Execution vulnerability and learn how to exploit it.
S2-015 Remote Code Execution
Explore the S2-015 Remote Code Execution vulnerability and learn how to exploit it.
Flask (Jinja2) Server-Side Template Injection
Explore the Flask (Jinja2) Server-Side Template Injection vulnerability and learn how to exploit it.
S2-013 Remote Code Execution
Explore the S2-013 Remote Code Execution vulnerability and learn how to exploit it.
S2-012 Remote Code Execution
Explore the S2-012 Remote Code Execution vulnerability and learn how to exploit it.
S2-009 Remote Code Execution
Explore the S2-009 Remote Code Execution vulnerability and learn how to exploit it.
S2-008 Remote Code Execution
Explore the S2-008 Remote Code Execution vulnerability and learn how to exploit it.
S2-007 Remote Code Execution
Explore the S2-007 Remote Code Execution vulnerability and learn how to exploit it.
S2-005 Remote Code Execution
Explore the S2-005 Remote Code Execution vulnerability and learn how to exploit it.
S2-001 Remote Code Execution
Explore the S2-001 Remote Code Execution vulnerability and learn how to exploit it.