WEBVERSE


Zipline

Difficulty: Medium. Price: Free.

Zipline is a law firm document exchange portal with case file exports, client delivery workflows, and an internal configuration API.

Tags: bola, idor, default-credentials, credential-leakage, internal-api-pivot

Stack: python-3.12, fastapi, starlette, sqlite3, jinja2, pyjwt, bcrypt, httpx, uvicorn

The Scenario

Zipline is a document exchange portal used by a small law firm to deliver case files to clients and external counsel.

A client alleges they accessed another party's documents without intending to, which triggered an internal compliance panic. The firm needs a definitive answer on whether the portal can leak data across cases or users. You've been brought in to test the portal's access boundaries, validate the claim, and determine how far an attacker could go if the weakness is real.

Lab Intel

Synopsis

Zipline has enlisted your services to determine whether its document exchange portal can leak case files across users. A client reported accessing another party's documents, triggering a compliance investigation, and the firm needs definitive proof of the exposure before regulators get involved.

Architecture

A medium-rated multi-service lab with three containers: an HTTP router, a public-facing case export portal, and an internal configuration API. The attack chain spans default credentials, BOLA/IDOR in the download endpoints, credential extraction from debug artifacts bundled inside exported zip files, and a pivot into the internal API via host-header routing, which makes it significantly more involved than a single-vulnerability lab.
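As an added illustration (not code from the lab or its portal), here is the BOLA/IDOR pattern in a download endpoint, with the vulnerable lookup beside a case-scoped one, using only sqlite3 from the stack listed above; the schema, rows, user names and file paths are constructed for this example, and the requester identity stands in for the JWT `sub` claim a real handler would verify first.

```python
import sqlite3
from typing import Optional

# Constructed schema: each export belongs to a case, and users are granted
# access per case. Every row below is made up for this example.
SCHEMA = """
CREATE TABLE documents (id INTEGER PRIMARY KEY, case_id INTEGER NOT NULL, path TEXT NOT NULL);
CREATE TABLE case_members (case_id INTEGER NOT NULL, user_id TEXT NOT NULL,
                           PRIMARY KEY (case_id, user_id));
"""
DOCS = [(1, 100, "exports/case-100.zip"), (2, 200, "exports/case-200.zip")]
MEMBERS = [(100, "alice"), (200, "bob")]


def build_db() -> sqlite3.Connection:
    """Create an in-memory portal database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", DOCS)
    conn.executemany("INSERT INTO case_members VALUES (?, ?)", MEMBERS)
    return conn


def lookup_bola(conn: sqlite3.Connection, doc_id: int) -> Optional[str]:
    """Vulnerable pattern: the export is resolved by its id alone. Any
    authenticated user who supplies another case's id receives that file,
    because the requester's identity never reaches the query (BOLA/IDOR)."""
    row = conn.execute("SELECT path FROM documents WHERE id = ?", (doc_id,)).fetchone()
    return row[0] if row else None


def lookup_scoped(conn: sqlite3.Connection, user_id: str, doc_id: int) -> Optional[str]:
    """Hardened pattern: the requester's identity is part of the lookup, so a
    document is returned only if the user is a member of its case. A missing
    document and a forbidden one both yield None, so the endpoint does not
    reveal which ids exist through a 403-versus-404 difference."""
    row = conn.execute(
        "SELECT d.path FROM documents d "
        "JOIN case_members m ON m.case_id = d.case_id "
        "WHERE d.id = ? AND m.user_id = ?",
        (doc_id, user_id),
    ).fetchone()
    return row[0] if row else None
```

In a FastAPI handler the `user_id` argument would come from the verified token's subject, never from a query parameter supplied by the client.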

Who It's For

Intermediate practitioners who have completed a few easy web labs and are ready to chain multiple vulnerabilities together. You should be comfortable with proxy tools, understand basic authentication mechanisms (JWT, default credentials), and have some experience inspecting file contents for sensitive data.

Skills You'll Practice

  • HTTP proxy usage (Burp Suite or similar)
  • Basic JWT authentication concepts
  • File inspection and artifact analysis
  • Understanding of host-header routing and virtual hosts

What You'll Gain

  • BOLA/IDOR exploitation in download endpoints
  • Default credential identification
  • Credential extraction from bundled debug artifacts
  • Internal API pivoting via host-header manipulation
  • Multi-stage attack chaining

Ready to hack Zipline?

This lab is free. Sign up and start hacking.