Secure Coding mailing list archives
Seeking vulnerable server-side scripts
From: jrose at owasp.org (jrose)
Date: Wed, 6 May 2009 14:31:02 -0400
Use google codesearch: http://www.google.com/codesearch?hl=en&lr=&q=select.*from.*%5C%24_%28GET%7CPOST%7CCOOKIES%29+lang%3Aphp&btnG=Search http://www.google.com/codesearch?hl=en&lr=&q=input.*type%3Dhidden.*%3D.*%5C%24_%28GET%7CPOST%7CCOOKIE%29&btnG=Search http://www.google.com/codesearch?hl=en&lr=&q=fopen%5C%28.*%5C%24_GET&btnG=Search http://www.google.com/codesearch?hl=en&lr=&q=%5C+file%5C%28.*%5C%24_POST&btnG=Search http://www.google.com/codesearch?hl=en&lr=&q=file_get_contents%5C%28.*%5C%24_GET&btnG=Search - Jon On May 6, 2009, at 1:17 PM, security curmudgeon wrote:
: There are several applications designed specifically for this: : : Mutillidae : http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 : : Foundstone's Hacme Bank and Hacme Travel : http://www.foundstone.com/us/resources-free-tools.asp : : WebGoat : http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project : : : I believe there are more, but those are the first to come to mind. A couple more: Stanford SecuriBench http://suif.stanford.edu/~livshits/securibench/ w3af's "moth" http://sourceforge.net/project/showfiles.php?group_id=170274 http://sourceforge.net/mailarchive/forum.php?thread_name=cdfaf8b20905051759o76a0f6f1o171928dd9b1d5e30%40mail.gmail.com&forum_name=w3af-develop _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com ) as a free, non-commercial service to the software security community. _______________________________________________
Current thread:
- Seeking vulnerable server-side scripts Jeremy Epstein (May 06)
- Seeking vulnerable server-side scripts Steven M. Christey (May 06)
- Seeking vulnerable server-side scripts security curmudgeon (May 06)
- Seeking vulnerable server-side scripts security curmudgeon (May 06)
- Seeking vulnerable server-side scripts Jim Manico (May 06)
- Seeking vulnerable server-side scripts jrose (May 06)
- Seeking vulnerable server-side scripts security curmudgeon (May 06)