Vulnerable Web Application helps you test your penetration testing skills or learn penetration testing and help developers better understand web application security processes.
This app is made for beginners and teachers to teach/learn it better safety web applications. Feel free to edit/add code to this app.
Do not upload it to your hosting provider's public HTML file or to any web server that browses the Internet, as it will be compromised.
I suggest using docker, but you can use XAMPP or WAMP and use the folder /src/
$ docker-compose up --build server
Supported vulnerabilities
- Sql Injection
- Blind Sql Injection
- Authentication Bypass
- XSS Stored
- XSS Reflected
- File Upload
- Cross-Site Request Forgery
- Remote File Inclusion
- Local File Disclosure / Download
- Remote Code Execution
- Remote Command Execution
- PHP Object Injection
To install, enter the mysql database credentials in src / config / config.php
You can download the program from here.