A vulnerable Fedora-wearing Pet Webstore for Fedora that will integrate with a NoSQL database for a cyber security exercise.
Currently, Petdora can be run by cloning the repository and then running:

    cd %HOME_DIR%\Petdora\web\
    sudo apt install php
    php -S localhost:8080

If PHP is already installed:

    cd %HOME_DIR%\Petdora\web\
    php -S localhost:8080

- For smooth transitions, fixed top nav-bar on scroll and other features to make this a fully fledged and cross-compatible website.
Static Content Management System that loads all files from a certain folder.
- Made so that if an "Advanced Usability Testing" user were to somehow gain the ability to create a file in this folder on the server, they could manipulate the homepage.
- Fully working PHP and jQuery based sign-in page that stores cookies to keep users signed in.
- Exploitable by simply copying a cookie to sign in as a different user.
- The encrypted "hash" is just a raw text combination of the username and password, which could be captured.
- Checks are based on an unencrypted text file stored on the server, which could later be edited to include new users.
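
For contrast with the sign-in weaknesses listed above, this is what the hardened counterpart looks like: hashed passwords in the user store and an opaque, revocable session token in the cookie. It is an added example, not Petdora's code; the function names, the in-memory `$users` and `$sessions` arrays, and the weak cookie's exact format are assumptions.

```php
<?php
// Added example, not Petdora's code; every name here is hypothetical.

// Weak pattern from the list above: the cookie is readable credentials.
// The exact concatenation format is an assumption.
function weak_cookie(string $user, string $pass): string {
    return $user . $pass;
}

// Hardened: the user store holds only a salted password hash.
function register(array &$users, string $user, string $pass): void {
    $users[$user] = password_hash($pass, PASSWORD_DEFAULT);
}

// On success, return an opaque random token for the cookie. The server keeps
// only its SHA-256 digest, so a leaked session store cannot be replayed.
function login(array $users, array &$sessions, string $user, string $pass, int $ttl = 3600): ?string {
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $sessions[hash('sha256', $token)] = ['user' => $user, 'expires' => time() + $ttl];
    return $token;
}

// Resolve a cookie value to a user, rejecting unknown or expired tokens.
function current_user(array $sessions, string $cookie): ?string {
    $s = $sessions[hash('sha256', $cookie)] ?? null;
    return ($s !== null && $s['expires'] > time()) ? $s['user'] : null;
}

// Logout revokes the session server-side, so a copied cookie stops working.
function logout(array &$sessions, string $cookie): void {
    unset($sessions[hash('sha256', $cookie)]);
}

// Attributes for setcookie('session', $token, session_cookie_options()) on PHP 7.3+.
function session_cookie_options(int $ttl = 3600): array {
    return ['expires' => time() + $ttl, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Strict'];
}

// Constructed demo data: a valid login, a cookie built from guessed credentials, then logout.
$users = []; $sessions = [];
register($users, 'alice', 'correct horse battery staple');
$token = login($users, $sessions, 'alice', 'correct horse battery staple');
var_dump(current_user($sessions, $token));
var_dump(current_user($sessions, weak_cookie('alice', 'guess')));
logout($sessions, $token);
var_dump(current_user($sessions, $token));
```

A random token does not stop a captured cookie from being replayed while the session is live; the `httponly` and `secure` attributes, the expiry and server-side logout are what limit that window.
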
Features Coming Soon:
- A fully working HTML5 Canvas Asteroids game that allows you to store a name and your high score if you get in the top 10. However, nothing in the name is escaped, and jQuery injects it into its own HTML page.
- A contact form that sends raw unescaped data to a Python CGI script to store the contact query in a "totally secure" folder on the server.
- The Products page is going to be linked to a NoSQL database vulnerable to NoSQL injection.