A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.
The goal of this project is to strengthen security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app. And of course it's OK to have a little fun.
There are currrently three versions in this version of Vicnum.
Guessnum, a game to guess a number the computer has picked.
Jotto, a game to guess a word the computer has picked.
And the Union Challenge which is new to version 1.5
Besides untarring the tar into the right folder and some Apache webserver tweaking, three MySQL tables will need to be created.
A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues. Vicnum is helpful to IT auditors who need to hone web security skills and can also be used by those setting up 'capture the flag' exercises or by those who just want to have some fun with web assessments.
create database vicnum;
grant ALL on *.* to rool@localhost INDENTIFIED by 'vicnum' ;
create table guessnumresults (idnum int(4) NOT NULL auto_increment PRIMARY KEY, name char(100), guess int(3) ZEROFILL, count int(2), tod TIMESTAMP );
create table jottoresults (idnum int(4) NOT NULL auto_increment PRIMARY KEY, name char(100), guess char(5), count int(2), tod TIMESTAMP);
create table unionresults (idnum int(4) NOT NULL auto_increment PRIMARY KEY, name char(100), unionquery char(150), tod TIMESTAMP );
vicnum15.tar (276.5 kB)
http://sourceforge.net/projects/vicnum/files/vicnum15/
For More Information -
https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
http://sourceforge.net/projects/vicnum/
Screenshot -
0 comments:
Post a Comment