webbug's Introduction

WebBug靶场

包含如下漏洞，以及修复方案；

暴力破解
验证码绕过（前端绕过）
SQL注入（盲注）
越权访问（垂直越权）
XSS（存储型）
XSS（反射型）
CSRF
任意文件上传
不安全的直接对象引用
失效的身份认证和会话管理
不安全的配置

警告

不要将此项目运行在外网服务器，除非你想被攻击。本站点只做Web安全研究用。

运行效果图

技术选型

MVC架构

HTML+CSS+JavaScript+JSP

Java+Servlet+Fastjson+ESAPI

MySQL+JDBC

所需环境:

JDK 1.8
Tomcat 7.*
IDEA 直接使用open打开项目

更新日志：

v.1.0.2

新添Session 会话缺陷漏洞；
新添IDOR（不安全的直接对象引用）漏洞；
新添CSRF漏洞；
新添不安全的 Tomcat 错误页面配置；
修复了/jsp/* 不可见文件路径

v.1.0.1

更新README.md 描述文件；

v.1.0.0

创建项目，提交第一个版本；

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.

Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

TensorFlow

An Open Source Machine Learning Framework for Everyone

Django

The Web framework for perfectionists with deadlines.

Laravel

A PHP framework for web artisans

D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

web

Some thing interesting about web. New door for the world.

server

A server is a program made to process requests and deliver data to clients.

Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

Visualization

Some thing interesting about visualization, use data art

Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.

Microsoft

Open source projects and samples from Microsoft.

Google

Google ❤️ Open Source for everyone.

Alibaba

Alibaba Open Source for everyone

D3

Data-Driven Documents codes.

Tencent

China tencent open source team.

l3ngd0n / webbug Goto Github PK