| Item # | Product Name | Price | Status |
|---|---|---|---|
| CM-001 | 56K Dial-Up Modem (Vintage) | $49.99 | In Stock |
| CM-002 | Y2K Compliance Software Suite | $199.99 | In Stock |
| CM-003 | Beige Desktop Tower (256MB RAM) | $899.99 | Limited |
| CM-004 | 3.5" Floppy Disk 10-Pack | $12.99 | In Stock |

Attack Tests
SQL Injection
Manipulates a database query by injecting SQL syntax into a user input field. A successful injection can return all rows from a table, bypassing authentication or exposing the entire database.
Cross-Site Scripting (XSS)
Injects a malicious script into a page viewed by other users. When executed in a victim's browser, the script can steal session cookies, redirect to phishing pages, or perform actions on behalf of the victim.
Command Injection
Appends operating system commands to an application input that gets passed to a system shell. A successful injection allows an attacker to execute arbitrary commands on the origin server, exposing files, credentials, and internal network data.
HTTP Header Injection
Injects malicious HTTP headers — often using CRLF sequences — to manipulate server responses, poison shared caches, or override trusted headers like X-Forwarded-For to spoof IP addresses and bypass access controls. All visitors to a poisoned cache receive attacker-controlled content.
Rate Limiting
Rate limiting controls how many requests a single IP can make within a time window. Two methods are shown below. Configure a rate limiting rule in the dashboard targeting this page or the API endpoint, then trigger it by refreshing rapidly or clicking the button repeatedly.
Refresh this page rapidly (F5 / Cmd+R). With a rate limiting rule applied to /demos/waf-attacks.html, Cloudflare will return a 429 response after your configured threshold.
Click the button below repeatedly. With a rate limiting rule applied to /api/rate-limit-test, the endpoint returns 429 Rate Limited after 10 requests per 30 seconds per IP.
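
The behaviour described for /api/rate-limit-test, modelled as an added example (not Cloudflare's implementation and not code from this page): a per-IP sliding-window counter using the page's threshold of 10 requests per 30 seconds. The class name, the sample IP addresses and the choice not to count rejected requests are assumptions.

```javascript
// Threshold and window are taken from the page; everything else is assumed.
const LIMIT = 10;         // requests allowed per window, per IP
const WINDOW_MS = 30000;  // 30 seconds

class SlidingWindowLimiter {
  constructor(limit = LIMIT, windowMs = WINDOW_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // ip -> timestamps (ms) of accepted requests, oldest first
  }

  // Decide the response for a request from `ip` arriving at time `now` (ms).
  check(ip, now = Date.now()) {
    const cutoff = now - this.windowMs;
    // Keep only the requests that still fall inside the window.
    const recent = (this.hits.get(ip) || []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(ip, recent); // assumption: rejected requests are not counted
      // Seconds until the oldest counted request leaves the window.
      const retryAfter = Math.ceil((recent[0] + this.windowMs - now) / 1000);
      return { status: 429, retryAfter };
    }
    recent.push(now);
    this.hits.set(ip, recent);
    return { status: 200, retryAfter: 0 };
  }
}

// Constructed traffic: one client sends 12 requests 500 ms apart (rapid refresh),
// a second client sends a single request, then the first client returns at t=30s.
function simulate() {
  const limiter = new SlidingWindowLimiter();
  const results = [];
  for (let i = 0; i < 12; i++) {
    results.push(limiter.check("203.0.113.7", i * 500));
  }
  const otherClient = limiter.check("198.51.100.9", 6000);
  const afterWindow = limiter.check("203.0.113.7", 30000);
  return { results, otherClient, afterWindow };
}
```

The limiter keys on the client IP only, so clients behind the same NAT share one budget.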