hdhw/VulnTest
VulnTest - Web Security Learning Platform

VulnTest is a deliberately vulnerable web application designed for learning about web security. It provides a safe environment to practice identifying and exploiting common web vulnerabilities.

⚠️ WARNING ⚠️

This application is intentionally vulnerable and should NEVER be deployed on a public server or used with real user data. It is designed for educational purposes only in a controlled local environment.

Features

  • SQL Injection: Practice bypassing authentication and extracting data
  • Cross-Site Scripting (XSS): Test stored XSS attacks in comments
  • Command Injection: Experiment with OS command injection in a sandboxed environment
  • Broken Access Control: Test privilege escalation and insecure direct object references
  • Insecure File Uploads: Learn about the dangers of unrestricted file uploads

Prerequisites

  • Python 3.8 or higher
  • pip (Python package manager)
  • A modern web browser

Installation

  1. Clone the repository or download the source code

  2. Navigate to the project directory:

    cd VulnTest
  3. Create a virtual environment (recommended):

    python -m venv venv
    .\venv\Scripts\activate  # On Windows
    source venv/bin/activate  # On macOS/Linux
  4. Install the required packages:

    pip install -r requirements.txt

Running the Application

  1. Start the development server:

    python app.py
  2. Open your web browser and navigate to:

    http://localhost:5000
    
  3. Use the following default credentials to log in:

    • Username: admin
    • Password: insecurepassword

Vulnerabilities Overview

1. SQL Injection

  • Location: Login page
  • Description: The login form is vulnerable to SQL injection, allowing authentication bypass.
  • Example Payload:
    • Username: admin' --
    • Password: [anything]
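The following is an added example, not code from the VulnTest project: it reproduces the injectable login check against a constructed in-memory SQLite table (the schema, rows and function names are assumptions) and places the parameterized version beside it, so the effect of the README's `admin' --` payload can be seen without running the app.

```python
import sqlite3


def make_db():
    # Constructed stand-in for VulnTest's user table (assumed schema and rows).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "insecurepassword", "admin"), ("alice", "alicepw", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # String-built query: the user's text is parsed as SQL.
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    # Parameterized query: the driver binds the values as data, so the
    # quote and the comment marker in the payload never reach the parser.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo():
    conn = make_db()
    # The README's payload: the quote closes the string literal and "--"
    # comments out the password check, leaving WHERE username = 'admin'.
    bypass = "admin' --"
    # Tautology variant: returns the first row in the table (here: admin).
    tautology = "x' OR 1=1 --"
    return {
        "vulnerable": login_vulnerable(conn, bypass, "wrong"),
        "or_true": login_vulnerable(conn, tautology, "wrong"),
        "safe": login_safe(conn, bypass, "wrong"),
        "legit": login_safe(conn, "admin", "insecurepassword"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

Running the block shows the vulnerable check returning the admin row for a wrong password, while the parameterized check returns nothing for the same input and still accepts the real credentials.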

2. Cross-Site Scripting (XSS)

  • Location: Comments section
  • Description: User input is not properly escaped, allowing stored XSS attacks.
  • Example Payload:
    <script>alert('XSS')</script>
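Added example (not the project's template code): a constructed comment list rendered once by raw string concatenation and once through `html.escape`, which is the same transformation Jinja2 autoescaping applies in Flask templates unless a value is marked `|safe` or wrapped in `Markup`. Comment text and function names are assumptions for the example.

```python
import html

# Constructed stored comments standing in for what the comments section holds.
STORED_COMMENTS = [
    "Nice site!",
    "<script>alert('XSS')</script>",   # the README's payload
    '" onmouseover="alert(1)',          # attribute-context breakout attempt
]


def render_comments_vulnerable(comments):
    # Raw concatenation: whatever the user typed becomes markup.
    return "".join(f"<li>{c}</li>" for c in comments)


def render_comments_safe(comments):
    # html.escape converts < > & into entities and, with the default
    # quote=True, also " and ' so the value is inert in attribute context.
    return "".join(f"<li>{html.escape(c)}</li>" for c in comments)


def render_author_link_safe(name):
    # Same value used in two contexts: attribute and element body. Both must
    # be escaped; escaping only the body would leave the attribute open.
    safe = html.escape(name)
    return f'<a title="{safe}">{safe}</a>'


if __name__ == "__main__":
    print(render_comments_vulnerable(STORED_COMMENTS))
    print(render_comments_safe(STORED_COMMENTS))
    print(render_author_link_safe(STORED_COMMENTS[2]))
```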

3. Command Injection

  • Location: Ping utility
  • Description: The host supplied to the ping utility is passed into an OS command without validation, so shell metacharacters such as ; are interpreted and a second command runs with the web server's privileges.
  • Example Payload:
    8.8.8.8; whoami
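Added example, not the project's own code: the vulnerable pattern (user input concatenated into a `shell=True` command line) next to a hardened version that allowlists the target as an IP literal or hostname and then invokes `ping` with an argument list and no shell. `ping_vulnerable` really executes the injected command, so only run it with harmless input such as `; echo INJECTED`; the function names and the regex are assumptions for the example.

```python
import ipaddress
import re
import subprocess

# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.I,
)


def is_valid_target(target):
    """Allowlist check: an IPv4/IPv6 literal or a hostname, nothing else."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    return HOSTNAME_RE.match(target) is not None


def ping_vulnerable(target):
    # Assumed to mirror the vulnerable pattern: the shell parses the whole
    # string, so "8.8.8.8; whoami" becomes two commands.
    completed = subprocess.run(
        "ping -c 1 " + target, shell=True, capture_output=True, text=True, timeout=15
    )
    return completed.stdout


def build_ping_argv(target):
    """Validate first, then build an argv list; rejects anything not a host."""
    if not is_valid_target(target):
        raise ValueError("invalid host: " + target)
    return ["ping", "-c", "1", target]


def ping_safe(target):
    # No shell involved: argv goes straight to execve, so metacharacters
    # would only ever be bytes inside one argument, and validation rejects
    # them anyway.
    completed = subprocess.run(
        build_ping_argv(target), capture_output=True, text=True, timeout=15
    )
    return completed.stdout


def rejects(target):
    try:
        build_ping_argv(target)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(ping_vulnerable("; echo INJECTED"))        # the second command runs
    print(build_ping_argv("8.8.8.8"))                 # ['ping', '-c', '1', '8.8.8.8']
    print(rejects("8.8.8.8; whoami"))                 # True
```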
    

4. Broken Access Control

  • Location: Admin panel
  • Description: Missing proper authorization checks allow unauthorized access to admin functionality.
  • Exploit: Navigate to /admin after logging in as any user.
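Added example, not the project's code: a pure-Python model of the two access-control failures the README lists (an admin page that only checks for a login, and an object fetched by id with no ownership check) beside a role decorator and a per-object ownership check. The session dictionary, user and file records, and all names are assumptions; in the real app the same checks would wrap Flask view functions.

```python
from functools import wraps

# Constructed users and records standing in for VulnTest's data (assumption).
USERS = {"admin": {"role": "admin"}, "alice": {"role": "user"}, "bob": {"role": "user"}}
FILES = {
    1: {"owner": "alice", "name": "alice-notes.txt"},
    2: {"owner": "bob", "name": "bob-notes.txt"},
}


class Forbidden(Exception):
    pass


def require_role(role):
    """Decorator: the caller's role, looked up server-side, must match."""
    def decorator(view):
        @wraps(view)
        def wrapper(session, *args, **kwargs):
            user = session.get("user")
            if user is None or USERS.get(user, {}).get("role") != role:
                raise Forbidden(f"{role} role required")
            return view(session, *args, **kwargs)
        return wrapper
    return decorator


def admin_panel_vulnerable(session):
    # Authentication only: any logged-in user reaches /admin (the README's bug).
    if "user" not in session:
        raise Forbidden("login required")
    return "admin panel"


@require_role("admin")
def admin_panel_safe(session):
    return "admin panel"


def get_file_vulnerable(session, file_id):
    # IDOR: the id from the URL is used directly, owner never consulted.
    return FILES[file_id]["name"]


def get_file_safe(session, file_id):
    record = FILES.get(file_id)
    # Authorize on the object: missing and foreign ids get the same answer,
    # so an attacker cannot enumerate which ids exist.
    if record is None or record["owner"] != session.get("user"):
        raise Forbidden("not your file")
    return record["name"]


def forbidden(fn, *args):
    """True when the call is refused with Forbidden."""
    try:
        fn(*args)
        return False
    except Forbidden:
        return True


if __name__ == "__main__":
    alice = {"user": "alice"}
    print(admin_panel_vulnerable(alice))            # reachable as a plain user
    print(forbidden(admin_panel_safe, alice))        # True
    print(get_file_vulnerable(alice, 2))             # bob's file
    print(forbidden(get_file_safe, alice, 2))        # True
```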

5. Insecure File Upload

  • Location: File upload page
  • Description: Files are accepted without validating the name, type, size or content, and are written where the application can serve them back.
  • Exploit: Upload a PHP shell or other malicious files. Note that VulnTest is a Python application, so an uploaded .php file is not executed server-side; the lesson is that arbitrary content (web shells, HTML that runs script when served, oversized files, names containing path separators) is accepted and stored.

Security Best Practices

This application demonstrates what NOT to do in a production environment. Always follow these security best practices:

  1. Input Validation: Validate and sanitize all user inputs
  2. Parameterized Queries: Use parameterized queries to prevent SQL injection
  3. Output Encoding: Always encode user-generated content before displaying it
  4. Access Control: Implement proper authentication and authorization
  5. File Uploads: Validate file types, use safe filenames, and store uploads outside the web root
  6. Command Execution: Avoid using user input in system commands

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Disclaimer

This application is for educational purposes only. The creators are not responsible for any misuse of this software. Always ensure you have proper authorization before testing security on any system.

About

Test out vulnerabilities.
