Friday, March 11, 2011

Introduction to Mutillidae

Mutillidae is a set of deliberately vulnerable PHP scripts that implement the OWASP Top 10 for testing and teaching purposes.
It has been written so that common attacks are easy to demonstrate to others. Feel free to use it in your own classes. Many web app hobbyists and professionals use PHP, and it’s pretty easy to pick up the basics of the language.

Features of the Mutillidae project:
1. Make the code and examples simple to understand, so that the point of how a given vulnerability works gets across. With some of the material in WebGoat it is a little hard to figure out how to exploit the code; Mutillidae almost exploits itself. My app won’t be very realistic, but it should illustrate the core concepts well.
2. Be geared in such a way that it’s easy to update with new modules and hints.
3. Easy to install and run. Just download XAMPP Lite for Windows or Linux, put the scripts in the htdocs directory, and click the “Setup/reset the DB” link in the main menu.


Installation procedure:
Extract the files somewhere in the htdocs folder of XAMPP (for example htdocs/mutillidae). Also, it should go without saying that you should NOT run this code on a production network. Either run it on a private network, or restrict your web server software to only use the local loopback address. You can do that by finding the “Listen” line in the httpd.conf file and changing it to read: Listen 127.0.0.1:80

Start the XAMPP Apache server and then browse to http://localhost/mutillidae . A page will appear from which you can try the Top 10 vulnerabilities. Play with these vulnerabilities and explore them further for fun.
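As an added example (not part of the original post or of the Mutillidae project), here is a small POSIX shell check for the loopback restriction described above. It assumes a Linux XAMPP layout; the two config fragments are constructed stand-ins for a real httpd.conf, and the function names `listen_is_loopback_only` and `harden_listen` are my own. On Windows XAMPP the same edit is done by hand in the editor.

```shell
#!/bin/sh
# Added example: verify that every Apache "Listen" directive is bound to the
# loopback address before exposing a deliberately vulnerable app like Mutillidae.

# Constructed sample: a default XAMPP-style config that listens on all interfaces.
WEAK_CONF='ServerRoot "/opt/lampp"
Listen 80
DocumentRoot "/opt/lampp/htdocs"'

# Constructed sample: the same config after the edit described in the post.
HARDENED_CONF='ServerRoot "/opt/lampp"
Listen 127.0.0.1:80
DocumentRoot "/opt/lampp/htdocs"'

# listen_is_loopback_only CONFIG_TEXT
# Prints "loopback" and returns 0 when every Listen directive is bound to
# 127.0.0.1 or [::1]; otherwise prints the offending directives and returns 1.
listen_is_loopback_only() {
    offending=$(printf '%s\n' "$1" \
        | grep -E '^[[:space:]]*Listen[[:space:]]' \
        | grep -Ev '^[[:space:]]*Listen[[:space:]]+(127\.0\.0\.1|\[::1\]):[0-9]+' \
        || true)
    if [ -n "$offending" ]; then
        printf 'exposed on non-loopback: %s\n' "$offending"
        return 1
    fi
    echo loopback
    return 0
}

# harden_listen CONFIG_TEXT
# Rewrites bare "Listen PORT", "Listen 0.0.0.0:PORT" and "Listen *:PORT"
# directives to "Listen 127.0.0.1:PORT" and prints the result. Directives
# bound to a specific non-loopback address are left alone so the check
# above still flags them for a human to review.
harden_listen() {
    printf '%s\n' "$1" \
        | sed -E 's/^([[:space:]]*Listen[[:space:]]+)(0\.0\.0\.0:|[*]:)?([0-9]+)[[:space:]]*$/\1127.0.0.1:\3/'
}

# Stand-alone demonstration: check the weak config, fix it, check again.
# On a real system you would feed in the file: "$(cat /opt/lampp/etc/httpd.conf)".
listen_is_loopback_only "$WEAK_CONF" || :
FIXED=$(harden_listen "$WEAK_CONF")
listen_is_loopback_only "$FIXED"
```

Run it after editing httpd.conf and before restarting Apache; a non-zero exit from `listen_is_loopback_only` means at least one Listen directive would still expose the vulnerable scripts beyond the local machine.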
