This cheatsheet is aimed at the CTF Players and Beginners to help them understand Web Application Vulnerablity with examples. There are multiple ways to perform the same tasks. We have performed and compiled this list on our experience. Please share this with your connections and direct queries and feedback to Pavandeep Singh.
- Drupal
- Jenkins
- Joomla
- WebMin
- Wordpress
- Builder Engine
- CMS Made Simple
- CouchDB
- Cuppa
- Cute News 2.0.3
- Impress
- LibreNMS
- Moodle
- Php Mailer
- Playsms
- Rips
- SPHP Blog
- Squirrel Mail
- PHPText
- Wolf
- Zenphoto
- Redis
- Nano CMS
Drupal ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Droopy | Drupalgeddon |
| 2. | Billu Box 2 | Drupalgeddon2 |
| 3. | Lampiao : 1 | Drupalgeddon2 |
| 4. | Typhoon : 1.02 | Drupalgeddon2 |
| 5. | DC-1 | Drupalgeddon2 |
| 6. | RootThis : 1 | Manual |
| 7. | DC:7 | Manual |
| 8. | DC:8 |
Jenkins ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Jarbas : 1 | Jenkins Script Console |
Joomla ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Hackademic-RTB2 | SQL Injection |
| 2. | Kevgir | Joomla! 1.5.x - 'Token' |
| 3. | DC-3 | Joomla! 3.7.0 - 'com_fields' SQL Injection |
| 4. | Born2Root: 2 | Enumeration |
WebMin ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | pWnOS -1.0 | Webmin File Disclosure |
| 2. | VulnOS: 1 | DistCC Daemon Command Execution |
| 3. | Nezuko:1 | Webmin 1.920 - Remote Code Execution |
Wordpress ⤴
Builder Engine ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Sedna | builderengine_upload_exec |
CMS Made Simple ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | West Wild: 2 | CMSMS Showtime2 File Upload RCE |
CouchDB ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Moonraker:1 | Node.js deserialization RCE |
Cuppa ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | W1R3S.inc | '/alertConfigField.php' LFI/RFI |
| 2. | BRAVERY | '/alertConfigField.php' LFI/RFI |
Cute News ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Simple | CuteNews 2.0.3 Remote File Upload |
Impress ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Breach 1.0 | Enumeration |
Moodle ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Golden Eye:1 | Moodle - Remote Command Execution |
PHP Mailer ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Raven : 2 | PHPMailer < 5.2.18 - Remote Code Execution |
Playsms ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Dina | PlaySMS import.php Authenticated CSV File Upload Code Execution |
Rips ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Mercy | RIPS 0.53 - Multiple Local File Inclusions |
Simple PHP Blog ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | pWnOS -2.0 | Simple PHP Blog Remote Command Execution |
Squirrel Mail ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | DE-ICE:S1.140 | Enumeration |
PHPTax ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Kioprtix: 5 | PhpTax Remote Code Injection |
Wolf ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | SickOS 1.1 | Default Credential |
Zenphoto ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Orcus | Enumeration |
Redis ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | Gemini inc:2 | Remote Code Execution(RCE) |
Nano CMS ⤴
| No. | Machine Name | Exploit/Vulnerability |
|---|---|---|
| 1. | LAMPSecurity: CTF 5 | NanoCMS '/data/pagesdata.txt' Password Hash Information Disclosure |