Dummy shopping site for whitebox pentesting


How I created this lab just by Googling

Motive for creating this lab

To demonstrate how an attacker can misuse the admin's web page for unrestricted file upload by performing a CSRF attack that is supported by blind stored XSS.

This is a whitebox pentesting lab, so you can also check the database for credentials or any other information.

Open the user account in a normal window and the admin's account in a private window.


  1. Extract the file into /var/www/html

  2. Run the command: service apache2 start && service mysql start

  3. Create the database shop_site

  4. Run shop_site.sql:

    mysql "shop_site" < shop_site.sql

  5. Done

Create MySQL user

Run the following commands in MySQL:

    -- The account name and password must match DB_USERNAME and DB_PASSWORD in config.php
    CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON *.* TO 'user'@'localhost';
    FLUSH PRIVILEGES;

Edit config.php

Edit the username and password in config.php. If you are running on Windows, don't edit it.

   define('DB_SERVER', 'localhost');
   define('DB_USERNAME', 'user');
   define('DB_PASSWORD', 'password');
   define('DB_DATABASE', 'shop_site');

