You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Enhance docker-compose.yml and README with new labs
- Added multiple new vulnerable application labs including `token-tower`, `render-reign`, and `deserial-gate` with corresponding Dockerfiles and application code.
- Updated `docker-compose.yml` to include configurations for the new labs, ensuring proper network settings and port mappings.
- Revised `README.md` to document the new labs, detailing their objectives and access instructions.
- Updated existing Dockerfiles for various labs to use a consistent Python base image (3.14-slim) and improved dependency management.
The application uses Python's `pickle` module to serialize and deserialize user preferences in a cookie. Your goal is to exploit insecure deserialization to gain Remote Code Execution (RCE).
5
+
6
+
## Vulnerabilities
7
+
1.**Insecure Deserialization**: The application uses `pickle.loads` on untrusted user input from the `user_prefs` cookie.
8
+
9
+
## How to Run
10
+
Access the lab at `http://<IP>:5022` or `http://localhost:5022`.
0 commit comments