This horribly insecure web application is designed to illustrate a number of common web application vulnerabilities. Specifically, among its features are:
- SQL injection allows authentication bypass
- XSS in product descriptions
- Access control mechanism only enforces privileges in the menu options; deep links will bypass.
- Insufficient sanitation of input parameters allows privilege escalation via cookie manipulation
- Passwords and social security numbers are stored in plaintext
- No password complexity requirements
- Insecure file upload capability leads to arbitrary code execution
- Lack of transport-layer encryption allows credential sniffing
- Unprotected configuration files in browsable directory
- Authentication state maintained in client-side cookies
- Insecure defaults
- CSRF vulnerabilities allow deletion of customers, products and users
HIWA is written in PHP, using a Postgresql backend. Some hands-on experience with getting these programs to work is expected by the reader. At a later time, I might write up more detailed instructions.
- Fix (most) SQL and XSS issues in customers, products, orders and users
- Come up with some documentation (installation, usage, as well as fixing)
- Apache2 (apt install apache2)
- Postgresql (apt install postgresql)
- PHP (apt install libapache2-mod-php5)
- Postgresql connector for PHP5 (apt install php5-pgsql)
Kees Leune kees@leune.org