Skip to content
Branch: master
Clone or download
Latest commit d03f54d Mar 21, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
CommandExecution Adding note. Dec 15, 2018
FileInclusion Update 2.php Dec 14, 2018
FileUpload Update fileupload3.php Nov 30, 2018
Resources Add files via upload Dec 8, 2018
SQL Update sql6.php Nov 30, 2018
XSS Update XSS_level4.php Dec 8, 2018
LICENSE Create LICENSE Dec 8, 2018 Update Mar 21, 2019
homepage.html Update homepage.html Dec 8, 2018
index.php Update index.php Nov 30, 2018

Vulnerable Web Application


What is Vulnerable-Web-Application

Vulnerable-Web-Application is a website that is prepared for people who are interested in web penetration and who want to have information about this subject or to be working. In fact, the website is quite simple to install and use.

Vulnerable-Web-Application categorically includes Command Execution, File Inclusion, File Upload, SQL and XSS. For database-requiring categories, it creates a database under localhost with one button during setup. In case of corrupted or changed databases, you can create a database again.

Installation Guide

If you want to run this tool, first of all you need to download web server solution like "xampp"- you can download xampp from Xampp. After your installation;

For Windows you need to copy the files into the xampp/htdocs folder.

For Mac Os you need to install mampp and copy the files into the mamp/htdocs folder. Mampp

For Linux after download our files first you need to open apache server and copy the files to /var/www/html

Other Configurations:

The php.ini file should be altered. You can find the location of your php.ini file under the folder which php is installed.

  • allow_url_include = on - Allows for Remote File Inclusion
  • allow_url_fopen = on - Allows for Remote File Inclusion
  • safe_mode = off - (If PHP <= v5.4) Allows for SQL Injection
  • magic_quotes_gpc = off - (If PHP <= v5.4) Allows for SQL Injection


After all these configurations, firstly, open Xampp Control Panel and start Apache,MySQL. Your MySQL credentials have to be default.[username:root <-> password:""] Then open up our index.php file in the Vulnerable Web Application directory. Follow the directions and create database. If you messed up with database, you can reset the database. If database is ready, you can go to homepage and start hacking.


The contents of this repository are licensed under the GNU General Public License v3.0.


You can’t perform that action at this time.