/dvwp

Damn Vulnerable WordPress

Primary LanguagePHP

Damn Vulnerable WordPress

Playground for WordPress hacking and wpscan testing.

DO NOT EXPOSE THIS TO INTERNET!

Installation

$ git clone https://github.com/vavkamil/dvwp.git
$ cd dvwp/
$ docker-compose up -d --build
$ docker-compose run --rm wp-cli install-wp

Usage

$ docker-compose up
$ docker-compose down

Shell

docker exec -ti dvwp_wordpres_1 /bin/bash

Interface

Credentials

  • Wordpress: admin/admin
  • MySQL: root/password

Vulnerabilities

Feel free to contribute with pull requests ;)

Plugins

Otherz

  • Directory listing
  • display_errors
  • info.php
  • dump.sql
  • adminer.php
  • search-replace-db
  • cross-domain

TODO

  1. Add versions and description to each vulnerability in README.md
  2. Upload docker image to Docker Hub registry
  3. Get rid of the Dockerfile
  4. Run wp-cli automatically during build
  5. Use "svn co" or "wp-cli" to download vulnerable plugins directly
  6. Add more vulnerable plugins/themes
  7. Update WP and php to latest
  8. Add vulnerable phpmyadmin?
  9. Add script to pull access.log and error.log from container