Purple Team Web App Cyber Range

This cyber range contains three labs focused on understanding, exploiting, and mitigating a real vulnerability found in a real web application.

1 hour, 30 minutes

The Labs

Train hands-on

  • Purple Team Web App - Local File Inclusion to Remote Code Execution

    30 minutes
    Local file inclusion is a common vulnerability in websites where local files can be included in a server’s response. In addition to allowing for arbitrary files to be read, this vulnerability can sometimes allow for remote code execution. In this lab, we’ll take a look at an LFI and RCE vulnerability in Gila CMS while also learning more about how to use Burp Suite.
  • Purple Team Web App - Secure Coding with Gila CMS

    30 minutes
    Gila CMS version 1.11.8 and prior has a vulnerability that allows an attacker to read arbitrary files on the web server. In this lab, we’ll take a look at the code that allows for this exploit, scan the code with a static analyser, and mitigate the vulnerability. The local file inclusion vulnerability results from the processing of invalid types during the deletion of posts. When an admin requests that a post be deleted a request is sent to gila.ii/cm/delete with a “t” (standing for type) variable. Whatever file this is set to will be included in the server’s response.
  • Purple Team Web App - Web Application Firewalls

    30 minutes
    Sometimes, updating or editing code isn’t an option. In this case, a web application firewall may be a good choice. In this lab, we’ll take a look at ModSecurity, a common open-source web application firewall, to see how it does and doesn’t protect against a local file inclusion and remote code execution vulnerability in Gila CMS.

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments