Entropt/Vulnerable-Web-PHP

Vulnerable Website by Entropt

Requirement

| Vulnerabilities | Labs | Web |
|---|---|---|
| SQL Injection | completed | completed |
| Insecure Deserialization | completed | completed |
| File upload | completed | completed |
| Cross-site scripting | completed | completed |
| Server-side template injection | completed | completed |
| Path Traversal | completed | completed |

Specification

| Specs | Value |
|---|---|
| OS | Kali Linux |
| Webserver | Nginx |
| Language | PHP |
| Database | MariaDB |

Website Analysis:

A website with normal login: completed
With picture upload in comments: completed
A newspaper website: done
XSS with comments: done

Instruction

Change the ownership of the upload directory to user www-data:
sudo chown -R www-data:www-data img/comments

Note: The Insecure Deserialization vulnerability in this lab only works on PHP 7.4 or below because it relies on PHAR deserialization.
