An Intentionally Vulnerable Bad Web Application With XSS Vulnerabilities - *DO NOT USE!!!*
PHP
Latest commit 6e55a19 Jun 27, 2011 @ircmaxell Clean up license file
Application Added doc blocks to files for licensing Jun 27, 2011
Controllers
Exceptions Added doc blocks to files for licensing Jun 27, 2011
Models Added doc blocks to files for licensing Jun 27, 2011
Utilities
Views
_cache/templates_c
data
templates
.gitignore Fix registration and CSRF transient errors Jun 26, 2011
.htaccess
404.php
INSTALL
LICENSE
README.markdown
bootstrap.php
index.php

README.markdown

WARNING

DO NOT USE THIS APPLICATION!

This is a "Bad Web Application" that's designed to be vulnerable.

WARNING: FOR RESEARCH USE ONLY!

DISCLAIMER: This application is for educational use only. Installing it on a public-facing server will expose the server to several security vulnerabilities. The author takes absolutely no responsibility for any damage that may occur from the use or misuse of any of this code.

You have been warned.

Requirements

  • PHP >= 5.3

  • A Pear install of Smarty

  • A Pear install of Twig

Known Vulnerabilities

  • On 404 Error Page
    • The remote IP is displayed without escaping. The value is pulled from the X-Forwarded-For header.
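
The 404-page issue above, shown beside a hardened form. This is an added example, not code from this repository: the function names, the `$trustedProxies` allow-list and the sample request are assumptions, and it targets PHP 7+ (for `??` and return types).

```php
<?php
// Added example with hypothetical helper names; not this repository's code.

// Unsafe pattern from the README: the header value is echoed into HTML as-is.
function render404Unsafe(array $server): string
{
    $ip = $server['HTTP_X_FORWARDED_FOR'] ?? ($server['REMOTE_ADDR'] ?? '');
    return '<p>Your IP: ' . $ip . '</p>';
}

// Return $value only if it parses as an IPv4/IPv6 address.
function validIp(string $value): string
{
    return filter_var($value, FILTER_VALIDATE_IP) ?: 'unknown';
}

// Use X-Forwarded-For only when the direct peer is a proxy we operate
// ($trustedProxies is an assumed allow-list); otherwise use REMOTE_ADDR.
function clientIp(array $server, array $trustedProxies = []): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($remote, $trustedProxies, true)) {
        return validIp($remote);
    }
    // The header is a comma-separated chain: take the right-most hop that
    // is not one of our own proxies.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (!in_array($hop, $trustedProxies, true)) {
            return validIp($hop);
        }
    }
    return validIp($remote);
}

// Hardened rendering: validated value, still escaped at the output boundary.
function render404Safe(array $server, array $trustedProxies = []): string
{
    $ip = htmlspecialchars(clientIp($server, $trustedProxies), ENT_QUOTES, 'UTF-8');
    return '<p>Your IP: ' . $ip . '</p>';
}

// Constructed request data: the header carries markup instead of an address.
$request = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '<b>not-an-ip</b>'];
echo render404Unsafe($request), "\n";                // header markup reaches the page
echo render404Safe($request), "\n";                  // peer is not a proxy: header ignored
echo render404Safe($request, ['203.0.113.7']), "\n"; // peer is a proxy: invalid hop rejected
```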

TODO: Create a list of known vulnerabilities here
