This is a free, vulnerable web application built with OWASP TOP10 vulnerabilities.
The web app is written in PHP and it's very simply written in MVC model.
run the following commmand on terminal and access http://localhost:8000.
git clone https://github.com/wacker928/vulnweb.git & cd vulnweb
cd docker && docker compose up admin creds -> admin:admin
all the poc codes are stored in /script.
- XSS (reflective/stored/DOM: insert value is HTML tag, event handler, JavaScript) -> dashboard konnichiwa $username string not sanitised
- SQL injection (also blindSQLi)
- OS command injection -> /users/upload.php LFI->RCE possible
- XXE Injection: /users/xml.php
- NoSQLi: /searchId.php?id=1
- Open Redirect -> New functionality (UI) dashboard.php?url where header() is executed from client input (html embed).
- Directory Traversal -> include() with dashboard's new functionality
- Local File Inclusion -> include() with new dashboard functionality + PHP wrapper, .php files can also be displayed
- File Uploading leads to code execution -> /users/upload.php
- Forced Browsing -> Directory Listing, due to the lack of .htaccess file existing.
- IDOR (Privilege Escalation)
- IDOR (Lateral)
- CSRF