30/07/11

BodgeIt Store – Vulnerable Web Application For Penetration Testing

There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.

Features

  • Easy to install – just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than to 2 in the above line)
  • Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up
There is also a ‘scoring’ page where you can see various hacking challenges and whether you have completed them or not.

The Bodge It Store include the following significant vulnerabilities:
  • Cross Site Scripting
  • SQL injection
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities
If you spot any others then let me know ;) There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.
In the relatively near future I'm hoping to add things like:
  • Ajax requests
  • More vulnerabilities (of course)
 Install

All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.
Then point your browser at (for example) http://localhost:8080/bodgeit
The author recommends Zed Attack Proxy to get you started.

You can download BodgeIt Store here:
bodgeit.1.1.0.zip

nb : darknet

Tidak ada komentar:

Posting Komentar