Vulnerable Web Application helps you test your penetration testing skills or learn penetration testing and help developers better understand web application security processes.
This app is made for beginners and educators to teach/learn web application security. Feel free to edit/add code in this application.
Do not upload it to your hosting provider's public HTML file or to any web server that browses the Internet, as it will be compromised.
I suggest using docker, but you can use XAMPP or WAMP and use the folder /src/
$ docker-compose up --build server
Supported vulnerabilities
- Sql Injection
- Blind Sql Injection
- Authentication Bypass
- XSS Stored
- XSS Reflected
- File Upload
- Cross-Site Request Smithy
- Remote File Inclusion
- Local File Disclosure / Download
- Remote Code Execution
- Remote Command Execution
- PHP Object Injection
To install, enter the mysql database credentials in src / config / config.php
You can download the program from here.