This is a vulnerable web application made for the 2016 CNY Hackathon. It's written in PHP and uses MySQL.
DON'T USE THIS IN A PRODUCTION ENVIRONMENT!
The operational state can be tested using the test.php file.
Needs the PHP mysqli library.
Copy the contents of the html directory into the /var/www/html or equivalent directory.
Create the database hackathon, then populate it using the database.sql file.
Build using:
docker build -t acme-webapp .
Then run using (maps port 1337 on the host to port 80 on the container):
docker run -p 1337:80 --rm -it --name acme-webapp-test -v "$(pwd)/app:/var/www/html" acme-webapp
A list of vulnerabilities is available in the vuln_list.txt.base64 file. As indicated, the list is base64 encoded so you can try to find all the vulnerabilities on your own before checking it against the list. Don't cheat :).