yeswehack / vulnerable-code-snippets
- вторник, 22 ноября 2022 г. в 00:33:55
https://github.com/yeswehack/vulnerable-code-snippets
Twitter posts
Vulnerabilities
Programming Language
Installation
Twitter vulnerable snippets
Vulnerable Code Snippets
YesWeHack present code snippets containing several different vulnerabilities to practice your code analysis. The code snippets are beginner friendly but suitable for all levels!
~ New vulnerable code snippet at Twitter @yeswehack every Friday!
Be sure to run this in a secure environment, as the code is vulnerable and is intended to be used for learning code analysis!
Twitter posts 🔖
A Collection of all vulnerable code snippets posted on our Twitter
Vulnerabilities 💀
- Broken access control - CWE-284
- Code injection - CWE-94
- Cross Site Request Forgery (CSRF) (CSRF) - CWE-352
- SQL injection (SQLi) (SQLi) - CWE-89
- Cross Site Scripting (XSS) - CWE-79
- Open Redirect - CWE-601
- Server-side template injection (SSTI) - CWE-1336
- Server Side Request Forgery (SSRF)- CWE-918
Programming Language 💻
Also included
- SQL (MySQL)
- HTML
- CSS
Installation 🏁
This will create a new MySQL user and a database for the vulnerable code snippet to use.
(You should not move code snippets or any other file within repo)
mkdir VsnippetYWH && cd VsnippetYWH;
git clone https://github.com/yeswehack/vulnerable-code-snippets.git
⚠️ Replace'<USERNAME>''<PASSWORD>''<DATABASE>'and remove the#. This will be your new MySQL vulnerable snippet user, password and Database!
Make sure your in the correct folder when running this commands.
sudo apt update;
sudo systemctl start mysql;
cd db/;
chmod +x setupVsnippet.sh;
./setupVsnippet.sh # '<USERNAME>' '<PASSWORD>' '<DATABASE>';
sudo systemctl restart mysql;Update
Inside the vulnerable snippet folder use: (Get newest snippets)
git pullFor questions, help or if you have discovered a problem with the code. Contact us on Twitter: @yeswehack