A Deliberately Insecure Web Application
Updated Jan 9, 2020 - PHP
PHP Cookie Stealing Scripts for use in XSS
MySQLSessionHandler Class (PHP 7.1)
This is a vulnerable web application I developed for my Database Security class at Boston University. It contains possible IDOR and session hijacking attacks in a pseudo-realistic banking web app. The application is built using the LAMP stack.
Broken Authentication Lab: This lab provides a hands-on demonstration of credential stuffing (using Postman + weakpass) and session hijacking (via low-entropy session IDs) against a vulnerable login.php app.
XSS cookie stealer using a simple PHP script.