YesWeHack present code snippets containing several different vulnerabilities to practice your code analysis. The code snippets are beginner friendly but suitable for all levels!
~ New vulnerable code snippet at Twitter @yeswehack every Friday! π
If you want to see something special or if you just have an idea about a vulnerable code snippet, feel free to create a "New Issue" where you explain your idea, no idea is stupid.
Be sure to run this in a secure environment, as the code is vulnerable and is intended to be used for learning code analysis!
A Collection of all vulnerable code snippets posted on our Twitter π
π#1 - SQLi & XSS | Backslash filter collide
π#2 - Improper file access & XSS | Invalid char and regex verificaion
π#3 - Log Forging injection, Path traversal & Code injection | Poor filter and improper include() handling
π#4 - XSS | Invalid user input filter
π#5 - SSRF & Broken authorization | Trusted user input and client IP from header
π#6 - SSTI | Mixed input format
π#7 - SQLi | Use of invalid variable within statement
π#8 - CSRF | No CSRF token included
π#9 - Open Redirect | Invalid regex handler
π#10 - DOM XSS | Backend filter collide with client side JavaScript
π#11 - CORS | Misconfigured Access-Control-Allow header
π#12 - CSRF/ClickJacking | GET request CSRF with insecure delete process / ClickJacking - X-Frame-Options set in HTML meta tag
π#13 - Path Traversal/Unrestricted File Upload | Poor Path Traversal and file upload protection results in a code injection
π#14 - DOS | Incorrect operator handler in "for loop"
π#15 - Weak Password Recovery Mechanism for Forgotten Password | Weak hash for password recovery
π#16 - IDOR | insecure if statement leads to improper access control
π#17 - Insecure deserialization | Execute trusted user input inside pickle function "loads()"
π#18 - Path Traversal | Improper user validation of filename
π#19 - Open Redirect | Invalid handling of user-controlled input "location.hash"
π#20 - SQL injection | Invalid use of function replace(), The char is only replaced once
π#21 - PostMessage DOM XSS | No origin validation, leading to PostMessage DOM XSS
π#22 - XSS/OpenRedirect | The filter protection does not filter all special characters that can be used to exploit the vulnerabilities
π#23 - Buffer overflow | Take user's STDIN input with the gets() function without checking the buffer size
π#24 - SQL injection | Incorrect use of the PHP function "addslashes()"
π#25 - XSS - CSP bypass | No validation of user input along with insecure handling of nonce
π#26 - Path Traversal | The filter provided by the PHP function "preg_replace()" is limited to filtering only the first 10 characters
π#27 - Web Cache Poisoning | The HTTP header "Referer" is reflected in the cached response body without being filtered
π#28 - Business logic vulnerability | An attacker can withdraw negative amounts to increase the overall balance of their account
π#29 - IDOR | An attacker can gain access to sensitive data from other users by performing a Forced browsing attack
π#30 - Insecure deserialization | Use of a dangerous function (exec) that can be controlled by the user, resulting in an RCE
π#31 - LFI | No proper character escaping or filter verification. The "include()" function executes all PHP code in the given file, no matter the file extension, resulting in code injection
π#32 - Format injection! | Format a string containing values provided by the client, resulting in a format injection
π#33 - SQL injection (second order) | All SQL queries use prepared statements except the last one. This statement extracts a value from the database that was once controlled by the user and adds it to the SQL query, leading to an SQL injection (second order)
π#34 - Regular expression Denial of Service (ReDoS) | Poorly configured regex pattern used to filter user-controlled input
π#35 - XSS | Trusted user input in GET parameter
π#36 - Unrestricted File Upload | Insufficient validation of the file extension of the uploaded file and missed validation of the file content
- Broken access control - CWE-284
- Code injection - CWE-94
- Cross Site Request Forgery (CSRF) - CWE-352
- SQL injection (SQLi) - CWE-89
- Cross Site Scripting (XSS) - CWE-79
- Open Redirect - CWE-601
- Server-side template injection (SSTI) - CWE-1336
- Server Side Request Forgery (SSRF) - CWE-918
- Cross Origin Resource Sharing (CORS) - CWE-942
- Clickjacking - CWE-1021
- Unrestricted File Upload - CWE-434
- Path Traversal - CWE-35
- Denial Of Service - CWE-400
- Weak Password Recovery Mechanism for Forgotten Password - CWE-640
- Insecure Direct Object Reference (IDOR) - CWE-639
- Deserialization Of Untrusted Data - CWE-502
- Local File Inclusion - CWE-98
- Buffer Overflow - CWE-120
- Acceptance of Extraneous Untrusted Data With Trusted Data ("Cache Poisoning") - CWE-349
- Business Logic Errors - CWE-840
- Format injection - CWE-134
Also included
- SQL (MySQL)
- HTML
- CSS
This will create a new MySQL user and a database for the vulnerable code snippet to use. (You should not move code snippets or any other file within repo)
git clone https://github.com/yeswehack/vulnerable-code-snippets.git
β οΈ Replace'<USERNAME>''<PASSWORD>''<DATABASE>'and remove the#. This will be your new MySQL vulnerable snippet user, password and Database (MySQL must be installed).
Make sure your in the correct folder when running this commands.
sudo apt update;
sudo systemctl start mysql;
cd db/;
chmod +x setupVsnippet.sh;
./setupVsnippet.sh # '<USERNAME>' '<PASSWORD>' '<DATABASE>';
sudo systemctl restart mysql;Inside the vulnerable snippet folder use: (Get the newest code snippets)
git pull~ H4v3 y0u f0und th3 E4st3r 3gg y3t? ππͺΊ
For questions, help or if you have discovered a problem with the code. Contact us on Twitter: @yeswehack π¬