RamadhanAmizudin / Lazyweb
LazyWeb - Vulnerable Web Application
This web application is a demonstration of common server-side application flaws. Each of the vulnerabilities has its own difficulty rating.
Vulnerabilities
- OS Command Injection
- SQL Injection
- XML External Entity Injection
- Insecure Direct Object Reference
- Local File Inclusion
- Insecure File Upload
- Arbitrary Session Assignment
- Broken Authorization
- Broken Authentication
- .git Folder Disclousure (if you clone directly to web root)
Write Up
Notes
I've been using this web application as the technical assessment for the candidate who applied for the job.
After deploy the code, make sure to chown www-data:www-data to templates_c and user/avatar folder
License
The MIT License (MIT)
Copyright (c) 2021 Ahmad Ramadhan Amizudin
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.