Explore web application vulnerabilities like XSS and server-side injection through example. This repo contains Docker runtime environments for a vulnerable web application and an attacker-controlled service meant to exploit it.
If you're looking for notes on the vulnerabilities covered in this workshop, and how to exploit them, see WORKSHOP_NOTES.md.
Docker and docker-compose must be installed on your machine before continuing.
# Build and run the Docker image containers
make run
# You can now visit the vulnerable service in a web browser on http://localhost:8080
# And if you want to peruse stolen loot during the workshop, run...
make login-attacker-controlled-serviceRead the Makefile for more info.