Skip to content
/ vulnerable-web Public

Simple vulnerability labs that created using PHP and MySQL.

License

MIT license
15 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

daffainfo/vulnerable-web

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
app
app
 
 
conf
conf
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
startup.sh
startup.sh
 
 

Repository files navigation

Vulnerable Web

Description

Simple vulnerability labs that created using PHP and MySQL. (Not for sale)

List of vulnerability:

  • Arbitrary File Upload
  • SQL Injection
  • CSRF
  • IDOR
  • Host Header Injection
  • Local File Inclusion
  • Open Redirect
  • Cross-Site Scripting
  • CRLF Injection

Notes Vulnerability

  • Host Header Injection

You need to import env_email and env_password in order to make Host Header Injection work

Pre Requisite

  • mysql-server
  • php8.1-fpm
  • php8.1-mysql
  • php8.1
  • nginx

Installation (Manual)

$ docker build -t vulnerable-web:latest --build-arg [email protected] --build-arg password_email=changeme .
$ docker run -p80:80 --name vulnerable-web -d -t vulnerable-web:latest
$ curl "http:https://localhost:80"

Installation (Docker Hub)

$ docker run -p80:80 --name vulnerable-web -t daffainfo/vulnerable-web:latest
$ curl "http:https://localhost:80"

About

Simple vulnerability labs that created using PHP and MySQL.

Topics

labs vulnerability bugs

Resources

Readme

License

MIT license
Activity

Stars

15 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages