Capfly/pentest_exercise_guestbook

taskSQLi

TaskSQLi is a web guestbook penetration testing exercise.

Warning: ONLY TO PRACTICE PENETRATION TESTING!

This web application has several security issues. Using it in a production environment is strongly discouraged!

I assume no liability for damages incurred when using the application.

The Task

Your task is to use the XSS vulnerability to get access to an SQL injection vulnerability via CSRF.

The objective is to get an administrator's password.

Have fun ~

Setup

  • Import setup/sqli_guestbook.sql into your local database
  • Then configure the credentials in the include/Connector.php file
