bWAPP, or a buggy web application, is a deliberately insecure web application.
bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. It prepares them to conduct successful penetration testing and ethical hacking projects. It is for educational purposes only.
What makes bWAPP so unique? Well, it has over 60 web bugs!
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!
The OWASP Top 10 provides an accurate snapshot of the current threat landscape in application security and reflects the collaborative efforts and insights of thousands of accomplished security engineers. To reflect the ongoing changes in technology and common online business practices, the list is periodically updated.
You can download bWAPP from here. Have fun!
It's also possible to download our bee-box, a custom Linux VM pre-installed with bWAPP.
Command Injection
The command injection vulnerability lets an attacker add extra commands to the input that the application passes to the shell.
Normal Output:
Add Evil Input:
Evil Code:
0.0.0.0 && cat /etc/passwd
You can start netcat, fetch things with wget, or do other evil things too.
Just add your Linux command after &&.
Sample:
0.0.0.0 && >rm -fr /*< //Your command
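As an added example (not code from bWAPP, which is written in PHP, nor from this post), the same ping-style input handled in Python: the string-splicing anti-pattern that the `&&` payload above abuses, a detection check for command-chaining metacharacters, and the hardened version that validates the target as an IP address and passes an argv list so no shell ever parses it.

```python
import ipaddress
import re
import subprocess

# Shell metacharacters that let one command chain or redirect into another
# (the page's payload uses "&&"). Used only to flag and log attempts; the
# real defense is the validation plus argv list in safe_ping_argv().
INJECTION_CHARS = re.compile(r"[;&|`$<>\n]")


def vulnerable_ping_command(target: str) -> str:
    """The anti-pattern: user input spliced into a shell string.
    If this string were run with shell=True, the input
    '0.0.0.0 && cat /etc/passwd' would execute both commands."""
    return f"ping -c 1 {target}"


def looks_like_injection(target: str) -> bool:
    """Detection hook: True when the raw input carries shell metacharacters,
    which is worth logging even though the validator will reject it."""
    return INJECTION_CHARS.search(target) is not None


def safe_ping_argv(target: str) -> list[str]:
    """Hardened form: accept only a syntactically valid IPv4/IPv6 address
    and build an argv list. Raises ValueError on anything else."""
    try:
        ip = ipaddress.ip_address(target.strip())
    except ValueError:
        raise ValueError(f"rejected target: {target!r}") from None
    return ["ping", "-c", "1", str(ip)]


def run_ping(target: str) -> subprocess.CompletedProcess:
    # shell=False (the default) with a list: even a literal "&&" would be
    # passed to ping as an argument, never interpreted by a shell.
    return subprocess.run(safe_ping_argv(target), capture_output=True, text=True, check=False)


if __name__ == "__main__":
    payload = "0.0.0.0 && cat /etc/passwd"  # the page's evil input
    print("shell would see:", vulnerable_ping_command(payload))
    print("flagged:", looks_like_injection(payload))
    try:
        safe_ping_argv(payload)
    except ValueError as err:
        print(err)
    print("argv for clean input:", safe_ping_argv("0.0.0.0"))
```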
Can't see the image :( ??