Simple vulnerable site, created by a beginner for beginners. This vulnerable site covers several vulnerabilities some from real bugbounty cases encountered in bugbounty, can you find them ?
Installation
apt-get update && apt-get upgrade -y
apt-get install apache2 php php-mysql mariadb-server
a2enmod rewrite
git clone https://github.com/lucasmartinelle/AnotherVulnerableWebApp
mv AnotherVulnerableWebApp/ /var/www/html/
chown www-data:www-data /var/www/html/ -R && chmod 775 /var/www/html/ -R
Create the database :
mysql -u root
CREATE DATABASE vulnerability;
GRANT ALL ON vulnerability.* TO 'vulnerability'@'localhost' IDENTIFIED BY '6xUm%3moNghtQaZ8Q';
FLUSH PRIVILEGES;
quit
If you want, change the password for vulnerability
user and also in /var/www/html/AnotherVulnerableWebApp/app/init.php
Import the SQL File :
cd /var/www/html/AnotherVulnerableWebApp/
mysql -u root vulnerability < base.sql
Uncomment extension=pdo_mysql
on /etc/php/{version}/apache2/php.ini
Change AllowOverride None
to AllowOverride All
line 172 on /etc/apache2/apache2.conf
On /etc/apache2/sites-enabled/000-default.conf
change DocumentRoot /var/www/html/
by DocumentRoot /var/www/html/AnotherVulnerableWebApp
on line 12
Restart apache2 :
systemctl restart apache2
Solutions :
You can get information about the current vulnerabilities / solutions here with more or less details, the goal being that you also do research on your side to better understand them and build your own methodology / payloads
Contributions :
This repository is for beginners, don't hesitate to create a PR to improve the code, add vulnerabilities, submit your writeup :)