Deliberately vulnerable web application
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
grails-app
test/unit/net/continuumsecurity/ropeytasks
web-app
.gitignore
README.md
application.properties
build.standalone.sh
grailsw
ropeytasks-grailsPlugins.iml
ropeytasks.jar

README.md

Overview

ropeytasks is a simple web application that is deliberately built with a number of included security vulnerabilities. These include:

  • Blind HQL injection
  • XSS
  • CSRF
  • Case insensitive passwords
  • No SSL
  • Lack of HttpOnly and secure flags on session cookies

Running

1. With grails

The recommended way to run this is to install www.grails.org version >= 2.0.3 so that you can see and modify the code.

2. Self-executing jar

The .jar is executable with: java -jar ropeytasks.jar

3. Deploy on servlet container

Drop the .war on a servlet container

Credentials

  • admin/password
  • bob/password
  • alice/password