This document highlights the potential security vulnerabilities present in the application.
The application allows the execution of arbitrary PHP code due to improper input handling.
test\'; var_dump($config); echo \'qsdqsd
The application does not sanitize user inputs, allowing malicious scripts to be stored in the database and executed in users' browsers.
<b>XSS Stored</b>
The file upload functionality can be exploited to upload and execute malicious PHP files instead of images.
- Upload a PHP file in place of an image.
- Access the file directly through the uploaded file URL.
The application lacks proper authentication for critical endpoints, allowing unauthorized users to perform administrative actions.
reset_chat.php can be accessed and executed without authentication.
The application concatenates user inputs directly into SQL queries, making it vulnerable to SQL injection attacks.
'); DROP TABLE chats; --
To initialize and run the project using Docker, follow these steps:
- Build the Docker environment:
    sudo docker-compose build
- Start the Docker containers:
    sudo docker-compose up -d
- Stop and remove the Docker containers:
    sudo docker-compose down
The application is divided into two sections: safe and unsafe:
- safe:
  - Implements basic security measures such as input validation and prepared statements to mitigate SQL injection and XSS attacks.
  - Ensures file uploads are validated for allowed MIME types.
- unsafe:
  - Contains intentionally vulnerable code for educational purposes.
  - Allows exploitation of SQL injection, XSS, file inclusion, and other vulnerabilities.
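
The following is an added example, not code from this project. It shows the two mitigations the safe section names, prepared statements and output escaping, applied to the two test inputs quoted above. The `chats` column names, the helper function names and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. The chats table layout, column
// names and helper names are assumptions. Requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE chats (id INTEGER PRIMARY KEY, author TEXT, message TEXT)');

// Unsafe pattern, built here only as a string and never executed: a quote
// inside $message ends the SQL string literal early, so the rest of the
// input is parsed as SQL instead of being stored as data.
function unsafeInsertSql(string $author, string $message): string
{
    return "INSERT INTO chats (author, message) VALUES ('$author', '$message')";
}

// Safe pattern: the statement text is fixed and the values travel separately
// as bound parameters, so they can never change the statement's structure.
function saveMessage(PDO $pdo, string $author, string $message): int
{
    $stmt = $pdo->prepare('INSERT INTO chats (author, message) VALUES (:author, :message)');
    $stmt->execute([':author' => $author, ':message' => $message]);
    return (int) $pdo->lastInsertId();
}

// Escape at output time so stored markup is displayed as text, not interpreted.
function renderMessage(string $message): string
{
    return htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The two test inputs quoted in this document.
$inputs = ["'); DROP TABLE chats; --", '<b>XSS Stored</b>'];

// Print the concatenated statement to see where the string literal ends.
echo unsafeInsertSql('tester', $inputs[0]), PHP_EOL;

foreach ($inputs as $input) {
    saveMessage($pdo, 'tester', $input);
}

// Both inputs are stored verbatim as rows; the table still exists.
$select = $pdo->prepare('SELECT message FROM chats ORDER BY id');
$select->execute();
foreach ($select->fetchAll(PDO::FETCH_COLUMN) as $stored) {
    echo renderMessage($stored), PHP_EOL;
}
```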