easy | Free
DocketHive
Assess the DocketHive event ticketing platform. Register, poke around, and see what you can read.
lfi | php | web
PHP | Apache | SQLite
The Scenario
DocketHive is a Portland-based event ticketing SaaS. You've been handed a scope
document and told to take a look at their platform before it goes to a wider
audience. Create an account and start exploring.
Lab Intel
Synopsis
A real-world PHP web application with a subtle flaw in how it handles file access. No brute force required — just careful observation.
Architecture
A beginner-friendly PHP lab built around a common developer oversight. The vulnerability exists in a legitimate feature of the application.
Who It's For
Anyone who's done basic path traversal challenges and wants to understand why filters don't always work the way developers intend.
Skills You'll Practice
- Web application enumeration
- HTTP parameter analysis
- Reading server responses carefully
- Linux fundamentals
What You'll Gain
- Understand how file-serving endpoints can become security boundaries
- Learn why partial input filters often leave room for alternative approaches
- Get comfortable reading and decoding encoded server responses