vulnerable-code-snippets's Introduction

Vulnerable Code Snippets

YesWeHack presents code snippets containing several different vulnerabilities so you can practice your code analysis. The code snippets are beginner friendly but suitable for all levels!

~ New vulnerable code snippet at Twitter @yeswehack every Friday! 🗒

⚠️ Be aware

Be sure to run this in a secure environment, as the code is vulnerable and is intended to be used for learning code analysis!

Twitter posts 🔖

A collection of all vulnerable code snippets posted on our Twitter 📂
📜#1 - SQLi & XSS | Backslash filter collide
📜#2 - Improper file access & XSS | Invalid char and regex verification
📜#3 - Log Forging injection, Path traversal & Code injection | Poor filter and improper include() handling
📜#4 - XSS | Invalid user input filter
📜#5 - SSRF & Broken authorization | Trusted user input and client IP from header
📜#6 - SSTI | Mixed input format
📜#7 - SQLi | Use of invalid variable within statement
📜#8 - CSRF | No CSRF token included
📜#9 - Open Redirect | Invalid regex handler
📜#10 - DOM XSS | Backend filter collide with client side JavaScript

Vulnerabilities 💀

Programming Language 💻

Also included


Installation

This will create a new MySQL user and a database for the vulnerable code snippets to use.
(Do not move the code snippets or any other file within the repo.)

mkdir VsnippetYWH && cd VsnippetYWH;
git clone https://github.com/yeswehack/vulnerable-code-snippets.git

โš ๏ธ Replace '<USERNAME>' '<PASSWORD>' '<DATABASE>' and remove the #. This will be your new MySQL vulnerable snippet user, password and Database!
Make sure your in the correct folder when running this commands.

sudo apt update;
sudo systemctl start mysql;
cd db/;
chmod +x setupVsnippet.sh;
./setupVsnippet.sh # '<USERNAME>' '<PASSWORD>' '<DATABASE>';
sudo systemctl restart mysql;

Update

Inside the vulnerable snippet folder, run the following to get the newest snippets:

git pull

For questions or help, or if you have discovered a problem with the code, contact us on Twitter: @yeswehack 📬

vulnerable-code-snippets's People

Contributors

brumensywh
