Comparing changes

base repository: New2OSx/JavaVulnerableLab
base: master
head repository: CSPF-Founder/JavaVulnerableLab
compare: master
  • 17 commits
  • 14 files changed
  • 2 contributors

Commits on Jan 24, 2018

  1. 1c33746
  2. Fixing README.md

    m4n3dw0lf committed Jan 24, 2018
    2726def
  3. Fixing README.md

    m4n3dw0lf committed Jan 24, 2018
    455954a
  4. Update README.md

    m4n3dw0lf authored Jan 24, 2018
    f01b1b4

Commits on Jan 25, 2018

  1. Exposing only one port

    m4n3dw0lf committed Jan 25, 2018
    6ec4efd

Commits on Jan 29, 2018

  1. d87637c

Commits on Jan 31, 2018

  1. Merge pull request CSPF-Founder#3 from m4n3dw0lf/master

    Adding Docker option
    CSPF-Founder authored Jan 31, 2018
    be656b2
  2. 77bc549

Commits on Jan 24, 2019

  1. Update README.md

    CSPF-Founder authored Jan 24, 2019
    1556e32
  2. Update README.md

    CSPF-Founder authored Jan 24, 2019
    78c9ab6
  3. Update README.md

    CSPF-Founder authored Jan 24, 2019
    682f63c
  4. Update README.md

    CSPF-Founder authored Jan 24, 2019
    8f6b34d

Commits on Jun 20, 2024

  1. docker-fix

    CSPF-Founder authored Jun 20, 2024
    004fbac
  2. docker-compose-update

    CSPF-Founder authored Jun 20, 2024
    f96f204

Commits on May 9, 2026

  1. 5408dac
  2. add-xss5-challenge

    CSPF-Founder committed May 9, 2026
    affe17b

Commits on May 10, 2026

  1. add-jdbc-connection-pool-to-survive-scanner-load

    The lab was crashing when a vulnerability scanner hit it because every
    servlet leaks its DB connection (no close), and DBConnect opens a fresh
    DriverManager connection per request. Under load the JVM accumulated
    leaked connections until it OOMed and MySQL hit max_connections=151.
    
    Fix at the pool layer so no servlet/controller code changes (all
    deliberate vulnerabilities preserved):
    
    - Declare a tomcat-jdbc DataSource at jdbc/jvl in META-INF/context.xml
      with maxActive=50 and removeAbandoned=true (60s) so leaked connections
      are auto-reaped.
    - Add resource-ref in web.xml.
    - Make DBConnect.connect look up the pool via JNDI, with the original
      DriverManager path retained as a fallback.
    - Copy mysql-connector-java into Tomcat's shared lib/ so the pool's
      container classloader can load the driver.
    - Bump CATALINA_OPTS to -Xms256m -Xmx1024m.
    - Set MySQL max_connections=500 and shorter wait_timeout/interactive_timeout.
    - Add .dockerignore (mysql-data/, .git/, target/) and .gitignore.
    
    Verified: 200 concurrent SQLi requests cap MySQL Threads_connected at
    50 with Aborted_connects=0; SQLi auth bypass on /LoginValidator still
    works.
    CSPF-Founder committed May 10, 2026
    645e896
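
The pool-layer approach described in the last commit message, as an added sketch; it is not the project's DBConnect or context.xml. The class name `PooledDbConnect`, the fallback URL, the credentials, the driver class and the `logAbandoned` attribute are assumptions; `jdbc/jvl`, `maxActive=50`, `removeAbandoned=true` and the 60 s timeout come from the commit message.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

/*
 * Assumed META-INF/context.xml entry that this class looks up:
 *
 * <Resource name="jdbc/jvl" auth="Container" type="javax.sql.DataSource"
 *           factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
 *           driverClassName="com.mysql.jdbc.Driver"
 *           url="jdbc:mysql://DB_HOST:3306/DB_NAME"
 *           username="DB_USER" password="DB_PASSWORD"
 *           maxActive="50"
 *           removeAbandoned="true" removeAbandonedTimeout="60"
 *           logAbandoned="true"/>
 *
 * logAbandoned is not in the commit message; it logs the stack trace of the
 * code that borrowed a reaped connection, which points at the leaking servlet.
 */
public class PooledDbConnect {
    // Placeholder fallback settings (constructed, not the lab's real values).
    private static final String FALLBACK_URL = "jdbc:mysql://DB_HOST:3306/DB_NAME";
    private static final String FALLBACK_USER = "DB_USER";
    private static final String FALLBACK_PASS = "DB_PASSWORD";

    private static volatile DataSource pool; // cached after the first lookup

    /** Borrow from the container pool; fall back to a direct connection. */
    public static Connection connect() throws SQLException {
        DataSource ds = lookupPool();
        if (ds != null) {
            return ds.getConnection(); // capped at maxActive, reaped if abandoned
        }
        // No JNDI context (for example, running outside Tomcat): unpooled path.
        return DriverManager.getConnection(FALLBACK_URL, FALLBACK_USER, FALLBACK_PASS);
    }

    private static DataSource lookupPool() {
        if (pool == null) {
            try {
                pool = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/jvl");
            } catch (NamingException e) {
                return null; // resource not declared or no container context
            }
        }
        return pool;
    }
}
```

`removeAbandoned` bounds the leak rather than fixing it: callers that never close their connection still hold one for up to the timeout, and a legitimately long-running query can be reclaimed as well.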