Very small Pentest Project

PHP and MySQL Attack

  1. Inject Login Form
  2. Inject Query String
  3. Remote File Inclusion
  4. XSS Attack ==> Todo
  5. Session Hijack ==> Todo

Installation

  • Create a database and copy the schema from schema/schema.sql
  • Copy config/Database.sample.php to config/Database.php

Run the application

  • php -S localhost:9000

Todo:

  • Implement more web application attack topics
  • Improve the UI design (it is currently very ugly)

Note:

  • If remote file inclusion does not work, enable allow_url_include (allow_url_include=On). Once the inclusion works, it will overwrite index.php. After the test, you can copy index.php.ori to index.php to roll back the replacement.

  • The source code is very rough. Feel free to modify it.