web-application-cheatsheet's Introduction

Web Application Cheatsheet (Vulnhub)

This cheatsheet is intended for CTF participants and beginners, to help them understand web application vulnerabilities through examples. There are multiple ways to perform the same task; we have performed and compiled this list based on our experience. Please share this with your connections and direct queries and feedback to Hacking Articles.

Table of Contents

Drupal

No. Machine Name Exploit/Vulnerability
1. Droopy Drupalgeddon
2. Billu Box 2 Drupalgeddon2
3. Lampiao : 1 Drupalgeddon2
4. Typhoon : 1.02 Drupalgeddon2
5. DC-1 Drupalgeddon2
6. RootThis : 1 Manual
7. DC:7 Manual
8. DC:8

Jenkins

No. Machine Name Exploit/Vulnerability
1. Jarbas : 1 Jenkins Script Console

Joomla

No. Machine Name Exploit/Vulnerability
1. Hackademic-RTB2 SQL Injection
2. Kevgir Joomla! 1.5.x - 'Token'
3. DC-3 Joomla! 3.7.0 - 'com_fields' SQL Injection
4. Born2Root: 2 Enumeration

WebMin

No. Machine Name Exploit/Vulnerability
1. pWnOS -1.0 Webmin File Disclosure
2. VulnOS: 1 DistCC Daemon Command Execution
3. Nezuko:1 Webmin 1.920 - Remote Code Execution

Wordpress

No. Machine Name Exploit/Vulnerability
1. Hackademic-RTB1 Enumeration
2. Mr. Robot Bruteforce
3. Stapler Enumeration/Bruteforce
4. Minotaur Wordpress SlideShow Gallery Authenticated File Upload
5. Freshly Manual
6. USV Enumeration
7. Quaoar Enumeration
8. Lazysysadmin WordPress Admin Shell Upload
9. BTRSys:dv 2.1 Enumeration
10. Basic Penetration WordPress Admin Shell Upload
11. DerpNStink Wordpress SlideShow Gallery Authenticated File Upload
12. BSides Vancouver: 2018 WordPress Admin Shell Upload
13. Raven Enumeration
14. HackinOS : 1 Enumeration
15. Web Developer : 1 WordPress Photo Gallery Unrestricted File Upload
16. DC-2 Enumeration/Bruteforce
17. DC6 Plainview Activity Monitor 20161228
18. symfonos : 1 WordPress Plugin Mail Masta 1.0 - Local File Inclusion
19. PumpkinFestival Enumeration
20. SP:Jerome WordPress Crop-image Shell Upload
21. dpwwn:2 Wordpress Plugin Site Editor 1.1.1
22. GrimTheRipper:1 Bruteforce
23. symfonos : 2 WordPress Plugin Mail Masta 1.0 - Local File Inclusion
24. Prime: 1 Enumeration
25. HA: Wordy Multiple Vulnerabilities
26. Loly: 1 WordPress Plugin AdRotate 3.6.5 - SQL Injection

Builder Engine

No. Machine Name Exploit/Vulnerability
1. Sedna builderengine_upload_exec

CMS Made Simple

No. Machine Name Exploit/Vulnerability
1. West Wild: 2 CMSMS Showtime2 File Upload RCE

CouchDB

No. Machine Name Exploit/Vulnerability
1. Moonraker:1 Node.js deserialization RCE

Cuppa

No. Machine Name Exploit/Vulnerability
1. W1R3S.inc '/alertConfigField.php' LFI/RFI
2. BRAVERY '/alertConfigField.php' LFI/RFI

Cute News

No. Machine Name Exploit/Vulnerability
1. Simple CuteNews 2.0.3 Remote File Upload

Impress

No. Machine Name Exploit/Vulnerability
1. Breach 1.0 Enumeration

Moodle

No. Machine Name Exploit/Vulnerability
1. Golden Eye:1 Moodle - Remote Command Execution

PHP Mailer

No. Machine Name Exploit/Vulnerability
1. Raven : 2 PHPMailer < 5.2.18 - Remote Code Execution

Playsms

No. Machine Name Exploit/Vulnerability
1. Dina PlaySMS import.php Authenticated CSV File Upload Code Execution

Rips

No. Machine Name Exploit/Vulnerability
1. Mercy RIPS 0.53 - Multiple Local File Inclusions

Simple PHP Blog

No. Machine Name Exploit/Vulnerability
1. pWnOS -2.0 Simple PHP Blog Remote Command Execution

Squirrel Mail

No. Machine Name Exploit/Vulnerability
1. DE-ICE:S1.140 Enumeration

PHPTax

No. Machine Name Exploit/Vulnerability
1. Kioptrix: 5 PhpTax Remote Code Injection

Wolf

No. Machine Name Exploit/Vulnerability
1. SickOS 1.1 Default Credential

Zenphoto

No. Machine Name Exploit/Vulnerability
1. Orcus Enumeration

Redis

No. Machine Name Exploit/Vulnerability
1. Gemini inc:2 Remote Code Execution (RCE)

Nano CMS

No. Machine Name Exploit/Vulnerability
1. LAMPSecurity: CTF 5 NanoCMS '/data/pagesdata.txt' Password Hash Information Disclosure

GUnet OpenEclass E-learning platform

No. Machine Name Exploit/Vulnerability
1. VulnUni 1.0.1 GUnet OpenEclass E-learning platform 1.7.3
