During my SQL Injection learning journey I needed a vulnerable web application for practice.
I created a WebApp vulnerable to SQL Injection for my personal use. The result was an extremely vulnerable web site against which I could test some SQLi techniques on MySQL.
I must confess: I am not a programmer and I have never coded in PHP before. I thought it would be good practice to develop a PHP-based site from scratch in order to learn the basics of PHP and MySQL.
The exploit.co.il Vulnerable Web App is designed as a learning platform to test various SQL injection techniques, and it is a fully functional web site with a content management system based on fckeditor.
I thought some of you may find it useful, so I decided to share it via a SourceForge project page I created for it at:
https://sourceforge.net/projects/exploitcoilvuln
Please note: this web app is extremely vulnerable to SQLi attacks, and it is intentionally poorly coded and configured.
It is not recommended to use this WebApp as a live site on the net, nor to set it up on your local machine with access to it from the web.
Please use it in your internal LAN only. Set it up in a virtual environment such as VMware or VirtualBox.
This is a fully functional web site with a content management system based on fckeditor.
I hope you will find this web app useful in your SQLi and web app security studies or demonstrations.
Visit the Vulnerable Web Site by browsing to its IP address.
Admin interface can be found at: http://localhost/admin
Username: admin
Password: P@ssw0rd
Database Name: exploit
Database contains 8 tables:
articles, authors, category, downloads, links, members, news, videos
I have only tested the web app for SQLi, but I am sure you will find some more interesting vulnerabilities.
Please try to avoid using automated tools to find the vulnerabilities and try doing it manually.
Feel free to discuss this web app by visiting http://exploit.co.il and commenting on the relevant post.
You can send solutions, videos and ideas to shai[at]exploit.co.il and I will post them on my blog.
Good Luck!
Source: http://exploit.co.il/projects/vuln-web-app/