Burp Bounty Lab

WARNING: Intentionally vulnerable application for testing Burp Bounty profiles.

XSS (14 profiles)

Reflected XSS Attribute Context Comment Context Tag Context JavaScript Context URL Context DOM Context XSS Discovery Params Blind XSS (Collaborator) XSS Encoded

SQL Injection (7 profiles)

Error-based SQLi SQLi by ID SQLi Login Form Time-based SQLi Status Code SQLi Content Length SQLi OOB SQLi (Collaborator)

Remote Code Execution (13 profiles)

Command Injection PHP-style Eval Echo RCE Expect RCE Blind RCE (Collaborator) Log4j (Collaborator) React2Shell CVE-2025-55182

Path Traversal (2 profiles + CVEs)

File Read (Linux) File Read (Windows) PHP-style Include

SSRF (6 profiles)

URL Fetch Proxy URL Scheme Image Proxy

Open Redirect (3 profiles)

Basic Redirect Login Redirect Outbound Redirect Parameter Pollution Redirect

CORS Misconfiguration (1 profile)

CORS API Endpoint

CRLF Injection (1 profile)

Language Setter

SSTI (1 profile)

Template Render Content Preview

XXE (3 profiles)

XML Parser XML Upload SOAP Endpoint

GraphQL (6 profiles)

GraphQL Endpoint GraphQL IDE

CVEs (42 profiles)

WordPress (10 profiles)

WP Login XMLRPC User Enum JSON oEmbed Author Sitemap WP Config WP Admin Dir WP Content Dir Easy WP SMTP Insert PHP Plugin Duplicator

Spring Boot (2 profiles)

Actuator Root Actuator Env Actuator Health Actuator Metrics Actuator Loggers

Drupal (2 profiles)

User Autocomplete User Profile

DWR (1 profile)

DWR Interface DWR Engine

Misc Discovery

Source Code Disclosure .git exposed .svn exposed Swagger UI API Endpoint

Passive Detection Triggers

Secrets in Response Insecure Cookies Missing Security Headers Technology Fingerprints Vuln Parameters API Path Detection GraphQL Path Detection

Header Injection (Collaborator)

X-Headers Injection Host Header Injection Password Reset Headers