Skip to content

vavkamil/dvwp

master
Switch branches/tags
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
Apr 26, 2020
Apr 26, 2020
Apr 26, 2020
Apr 26, 2020

Damn Vulnerable WordPress

Playground for WordPress hacking and wpscan testing.

DO NOT EXPOSE THIS TO INTERNET!

Installation

$ git clone https://github.com/vavkamil/dvwp.git
$ cd dvwp/
$ docker-compose up -d --build
$ docker-compose run --rm wp-cli install-wp

Usage

$ docker-compose up
$ docker-compose down

Shell

docker exec -ti dvwp_wordpres_1 /bin/bash

Interface

Credentials

  • Wordpress: admin/admin
  • MySQL: root/password

Vulnerabilities

Feel free to contribute with pull requests ;)

Plugins

Otherz

  • Directory listing
  • display_errors
  • info.php
  • dump.sql
  • adminer.php
  • search-replace-db
  • cross-domain

TODO

  1. Add versions and description to each vulnerability in README.md
  2. Upload docker image to Docker Hub registry
  3. Get rid of the Dockerfile
  4. Run wp-cli automatically during build
  5. Use "svn co" or "wp-cli" to download vulnerable plugins directly
  6. Add more vulnerable plugins/themes
  7. Update WP and php to latest
  8. Add vulnerable phpmyadmin?
  9. Add script to pull access.log and error.log from container

About

Damn Vulnerable WordPress

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published