Skip to content
/ vulnbank Public
forked from vulnbank/vulnbank

Vulnerable application for security issues demo

License

MIT license
0 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

alyoshapotter/vulnbank

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
sources
sources
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
VulnBank_Guide.pdf
VulnBank_Guide.pdf
 
 
nginx.config
nginx.config
 
 
start.sh
start.sh
 
 

Repository files navigation

VulnBank

This application emulates modern Web 2.0 application and has several vulnerabilities related to OWASP Top10, business logic or architecture-level issues.

Dependencies: PHP, MySQL

Vulnerabilities list:

  • Business logic issues
  • DOM-based Cross-Site Scripting (XSS)
  • Stored Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Race Condition
  • XML External Entity (XXE)
  • Session Hijacking
  • Remote Code Execution (ImageTragick, CVE-2016-3714)

Features list:

  • Different API-types: XML, REST, ordinary POST-request
  • Nexmo SMS-gateway integration

Docker deployment

You can deploy ready-to-use container from vulnbank/vulnbank:

docker run --name vulnbank -p 80:80 -d vulnbank/vulnbank

Or build your own with following command:

docker build . -f Dockerfile

About

Vulnerable application for security issues demo

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 55.8%
  • CSS 21.2%
  • PHP 12.2%
  • HTML 5.6%
  • Less 2.7%
  • SCSS 1.2%
  • Other 1.3%