feat(sandbox): add more challenges

[lifeforms]

Motivation

We currently serve the OWASP Juiceshop as a vulnerable application.

In August there will be an on-site live hacking event that would include us as a target. We have not committed fully yet, within 2 weeks we will have to make a decision. Some of our crew would be there to coach the hackers and perform really fast triaging and analysis, since the event is short we have to decide very quickly.

It would be useful to have multiple vulnerable applications in various languages. This could vary from a simple PHP script to a vulnerable app.

Proposed solution

• Add a PHP vulnerable app or a simple script (vulnerable to SQLi and/or XSS)
• Find vulnerable apps using other languages/frameworks? Inspiration for vulnerable apps: https://github.com/vulhub/vulhub ❗
• To be debated: Do we want to kill the Juiceshop?

Alternatives

• Do nothing!

[github-actions]

This issue has been open 120 days with no activity. Remove the stale label or comment, or this will be closed in 14 days

[RedXanadu]

It looks like this still needs to be done in preparation for future bug bounties and similar programmes. Although maybe not urgent. Removing stale label.

[fzipi]

I'm closing this one as challenges are not strictly necessary in the sandbox. In the future we can bring them as GSoC or other ways.