vavkamil/dvwp

Damn Vulnerable WordPress

Playground for WordPress hacking and wpscan testing.

DO NOT EXPOSE THIS TO INTERNET!

Installation

$ git clone https://github.com/vavkamil/dvwp.git
$ cd dvwp/
$ docker-compose up -d --build
$ docker-compose run --rm wp-cli install-wp

Usage

$ docker-compose up -d
$ docker-compose down

Shell

docker exec -ti dvwp_wordpress_1 /bin/bash
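
To check the warning above against a running instance, this added example (not part of the dvwp repository) filters `docker port` output for bindings that are not loopback-only. The function name and the sample port numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the dvwp repository.
# Reads lines in the format printed by `docker port <container>`,
# e.g. "80/tcp -> 0.0.0.0:8080", and prints every binding that is not
# loopback-only. Returns 1 if any such binding exists, 0 otherwise.
exposed_bindings() {
    awk '
        $2 == "->" {
            host = $3
            sub(/:[0-9]+$/, "", host)   # drop the trailing :port
            if (host != "127.0.0.1" && host != "[::1]") {
                print $1 " is published on " $3
                found = 1
            }
        }
        END { exit found + 0 }
    '
}

# Constructed sample input (port numbers are placeholders, not taken from dvwp).
SAMPLE_EXPOSED='80/tcp -> 0.0.0.0:8080
80/tcp -> [::]:8080'
SAMPLE_LOCAL='80/tcp -> 127.0.0.1:8080'

printf '%s\n' "$SAMPLE_EXPOSED" | exposed_bindings || echo "=> reachable from other hosts"
printf '%s\n' "$SAMPLE_LOCAL" | exposed_bindings && echo "=> loopback only"

# Against the running container named on this page:
#   docker port dvwp_wordpress_1 | exposed_bindings
```

If anything is listed, prefix the host side of the `ports:` mapping in docker-compose.yml with `127.0.0.1:` and recreate the containers.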

Interface

Credentials

  • WordPress: admin/admin
  • MySQL: root/password

Vulnerabilities

Feel free to contribute with pull requests ;)

Plugins

Others

  • Directory listing
  • display_errors
  • info.php
  • dump.sql
  • adminer.php
  • search-replace-db
  • cross-domain

TODO

  1. Add versions and description to each vulnerability in README.md
  2. Upload docker image to Docker Hub registry
  3. Get rid of the Dockerfile
  4. Run wp-cli automatically during build
  5. Use "svn co" or "wp-cli" to download vulnerable plugins directly
  6. Add more vulnerable plugins/themes
  7. Update WP and PHP to latest
  8. Add vulnerable phpMyAdmin?
  9. Add script to pull access.log and error.log from container