WAF Lab PHP

This site is intentionally vulnerable and built to test WAF behavior in a controlled lab.

P1 - WAF Validation

Baseline WAF detection with request echo and raw body capture.

Reflected XSS testing.

SQL, command, and NoSQL style injection.

Unsafe file upload testing.

Path traversal testing.

Minimal GraphQL endpoint with introspection and batching support.

HTTP method tampering and override testing.

Input normalization playground.

Boundary tests and large payload handling.