Build Status License GitHub release

EasyBuggy Vulnerable Web App Modified by A Security Guru 🚼

EasyBuggy is a broken web application in order to understand behavior of bugs and vulnerabilities, for example, memory leak, deadlock, JVM crash, SQL injection and so on.

logo

🕓 Quick Start

$ mvn clean install

( or java -jar easybuggy.jar or deploy ROOT.war on your servlet container with the JVM options. )

Access to

http://localhost:8080

🕓 Quick Start(Docker)

$ docker build . -t easybuggy:local # Build container image
$ docker run -p 8080:8080 easybuggy:local # Start easybuggy

Access to

http://localhost:8080

To stop:

Use CTRL+C ( or access to: http://localhost:8080/exit )

🕓 For more detail

See the wiki page.

🕓 Demo

This demo shows: Start up -> Infinite Loop -> LDAP Injection -> UnsatisfiedLinkError -> BufferOverflowException -> Deadlock -> Memory Leak -> JVM Crash (Shut down)

demo

🕓 EasyBuggy can reproduce:

  • Troubles

    • Memory Leak (Java heap space)
    • Memory Leak (PermGen space)
    • Memory Leak (C heap space)
    • Deadlock (Java)
    • Deadlock (SQL)
    • Endless Waiting Process
    • Infinite Loop
    • Redirect Loop
    • Forward Loop
    • JVM Crash
    • Network Socket Leak
    • Database Connection Leak
    • File Descriptor Leak
    • Thread Leak
    • Mojibake
    • Integer Overflow
    • Round Off Error
    • Truncation Error
    • Loss of Trailing Digits
  • Vulnerabilities

    • XSS (Cross-Site Scripting)
    • SQL Injection
    • LDAP Injection
    • Code Injection
    • OS Command Injection (OGNL Expression Injection)
    • Mail Header Injection
    • Null Byte Injection
    • Extension Unrestricted File Upload
    • Size Unrestricted File Upload
    • Open Redirect
    • Brute-force Attack
    • Session Fixation Attacks
    • Verbose Login Error Messages
    • Dangerous File Inclusion
    • Directory Traversal
    • Unintended File Disclosure
    • CSRF (Cross-Site Request Forgery)
    • XEE (XML Entity Expansion)
    • XXE (XML eXternal Entity)
    • Clickjacking
  • Performance Degradation

    • Slow Regular Expression Parsing
    • Delay of creating string due to +(plus) operator
    • Delay due to unnecessary object creation
  • Errors

    • AssertionError
    • ExceptionInInitializerError
    • FactoryConfigurationError
    • GenericSignatureFormatError
    • NoClassDefFoundError
    • OutOfMemoryError (Java heap space)
    • OutOfMemoryError (Requested array size exceeds VM limit)
    • OutOfMemoryError (unable to create new native thread)
    • OutOfMemoryError (GC overhead limit exceeded)
    • OutOfMemoryError (PermGen space)
    • OutOfMemoryError (Direct buffer memory)
    • StackOverflowError
    • TransformerFactoryConfigurationError
    • UnsatisfiedLinkError

🕓 EasyBuggy clones: