-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.php
326 lines (260 loc) · 20.3 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
<?php
$link=mysqli_connect("localhost","root","");
mysqli_select_db($link,'project');
if(mysqli_select_db($link, 'project'))
{
echo'<a href="./index.php">';
}
else
{
{
echo "<center><h1><b>WEB APPLICATION BASED VULNERABILITIES SIMULATION<b></h1><br>";
echo'<body bgcolor="#F8F9F9"><br><br><center>
<a href="reset.php">Create Database</a></center><br><br></body>';
exit("<center><b>Create Database First</b></center>");
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>WAVS</title>
<link href="css/styles.css" rel="stylesheet" />
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.8.2/css/all.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap">
<link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.4.1/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.15.0/css/mdb.min.css" rel="stylesheet">
<script src="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/js/all.min.js" crossorigin="anonymous"></script>
</head>
<body class="sb-nav-fixed">
<nav class="sb-topnav navbar navbar-expand-sm bg-dark navbar-dark">
<a class="navbar-brand" href="index.php"><font size="7" face="Revamped" color="white">WAVS</font></a><button class="btn btn-link btn-sm order-1 order-lg-0" id="sidebarToggle" href="#"><i class="fa fa-bars"></i></button>
<!-- Navbar Search-->
<form class="d-none d-md-inline-block form-inline ml-auto mr-0 mr-md-3 my-2 my-md-0">
<div class="input-group">
<div class="input-group-append">
</div>
</div>
</form>
<!-- Navbar-->
<ul class="navbar-nav ml-auto ml-md-0">
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" id="userDropdown" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><i class="fa fa-user-secret"></i></a>
<div class="dropdown-menu dropdown-menu-right" aria-labelledby="userDropdown">
<a class="dropdown-item" href="index.php">Home</a>
<!--<a class="dropdown-item" href="About.php">Team</a>-->
<a class="dropdown-item" href="setup.php">Setup/Reset Machine</a>
</div>
</li>
</ul>
</nav>
<div id="layoutSidenav">
<div id="layoutSidenav_nav">
<nav class="sb-sidenav accordion sb-sidenav-dark" id="sidenavAccordion">
<div class="sb-sidenav-menu">
<div class="nav">
<!-- <div class="sb-sidenav-menu-heading">Dashboard</div> -->
<br><a class="nav-link" href="index.php">
<div class="sb-nav-link-icon"><i class="fa fa-home"></i></div>
HOME</a>
<div class="sb-sidenav-menu-heading">Vulnerable Machines</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse1" aria-expanded="false" aria-controls="collapse1">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
SQL Injection
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse1" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/injections/inject.php">About</a>
<a class="nav-link" href="attacks/injections/auth.php">Authentication Bypass</a>
</nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse2" aria-expanded="false" aria-controls="collapse2">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Broken Authentication and Session Management
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse2" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/broken/broken_main.php">About</a>
<a class="nav-link" href="attacks/broken/lesson1.php">Weak Login Credentials</a></nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse3" aria-expanded="false" aria-controls="collapse3">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Cross-Site Scripting (XSS)
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse3" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/xss/xss_main.php">About</a>
<a class="nav-link" href="attacks/xss/xss_r.php">Reflected XSS</a>
<a class="nav-link" href="attacks/xss/xss_s.php">Stored XSS</a></nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse4" aria-expanded="false" aria-controls="collapse4">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Security Misconfiguration
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse4" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/security_misconfiguration/sec.php">About</a>
<a class="nav-link" href="attacks/security_misconfiguration/bruteforce.php">Brute Force Attack</a></nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse5" aria-expanded="false" aria-controls="collapse5">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Sensitive Data Exposure
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse5" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/senstive_data_exposure/sde.php">About</a>
<a class="nav-link" href="attacks/senstive_data_exposure/plaintext.php">User Credentials Sent in Plaintext</a>
<a class="nav-link" href="attacks/senstive_data_exposure/plaintext_db.php">Plaintext Passwords from Database</a>
</nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse6" aria-expanded="false" aria-controls="collapse6">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Missing Function Level Access Control
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse6" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/missing_function/msflac.php">About</a>
<a class="nav-link" href="attacks/missing_function/unauthenticated.php">Unauthenticated User Access to Admin</a>
</nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse7" aria-expanded="false" aria-controls="collapse7">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Cross-Site Request Forgery (CSRF)
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse7" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/csrf/csrf_main.php">About</a>
<a class="nav-link" href="attacks/csrf/gmail.php">CSRF in Gmail
</a><a class="nav-link" href="attacks/csrf/comment.php">CSRF in Comment Box</a>
</nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse8" aria-expanded="false" aria-controls="collapse8">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Unvalidated Redirects And Forwards
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse8" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/unvalidated_redirects/unvalidated.php">About</a>
<a class="nav-link" href="attacks/unvalidated_redirects/manual.php">Manual Redirects
</a><a class="nav-link" href="attacks/unvalidated_redirects/automatic.php">Automatic Redirects</a>
</nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse9" aria-expanded="false" aria-controls="collapse9">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Unrestricted File Upload
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse9" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/file_inclusion/fi.php">About</a>
<a class="nav-link" href="attacks/file_inclusion/arbitrary.php">Arbitrary File Upload</a></nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapse10" aria-expanded="false" aria-controls="collapse10">
<div class="sb-nav-link-icon"><i class="fa fa-unlock-alt"></i></div>
Click Jacking
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div>
</a>
<div class="collapse" id="collapse10" aria-labelledby="headingOne" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="attacks/click_jacking/click_jack.php">About</a>
<a class="nav-link" href="attacks/click_jacking/Click.html">Click Jacking Practical</a>
</nav>
</div>
<!-- <a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapsePages" aria-expanded="false" aria-controls="collapsePages">
<div class="sb-nav-link-icon"><i class="fas fa-book-open"></i></div>
Pages
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i>
</div></a>
<div class="collapse" id="collapsePages" aria-labelledby="headingTwo" data-parent="#sidenavAccordion">
<nav class="sb-sidenav-menu-nested nav accordion" id="sidenavAccordionPages">
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#pagesCollapseAuth" aria-expanded="false" aria-controls="pagesCollapseAuth"
>Authentication
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i></div
></a>
<div class="collapse" id="pagesCollapseAuth" aria-labelledby="headingOne" data-parent="#sidenavAccordionPages">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="login.html">Login</a><a class="nav-link" href="register.html">Register</a><a class="nav-link" href="password.html">Forgot Password</a></nav>
</div>
<a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#pagesCollapseError" aria-expanded="false" aria-controls="pagesCollapseError"
>Error
<div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i></div
></a>
<div class="collapse" id="pagesCollapseError" aria-labelledby="headingOne" data-parent="#sidenavAccordionPages">
<nav class="sb-sidenav-menu-nested nav"><a class="nav-link" href="401.html">401 Page</a><a class="nav-link" href="404.html">404 Page</a><a class="nav-link" href="500.html">500 Page</a></nav>
</div>
</nav>
</div> -->
</div>
</div>
</nav>
</div>
<div id="layoutSidenav_content">
<main>
<div class="container-fluid">
<h1 class="mt-4" align="center"><b>Web Application Vulnerability Simulation</b></h1>
<ol class="breadcrumb mb-4">
<!-- <li class="breadcrumb-item"><a href="index.php">Dashboard</a></li>
<li class="breadcrumb-item active"><a href="#">Static Navigation</a></li> -->
<li class="breadcrumb-item active">HOME</li>
</ol>
</div>
<section class="content">
<br>
<p><b>WEB APPLICATION BASED VULNERABILITIES SIMULATOR (WAVS)</b> is a PHP/MySQL based Web Simulator that Covers the Top Ten Attacks of OWASP-2013. The motive of creating the WAVS is to practice and perform the practicals of OWASP Top 10 - 2013,
in a legal enviornment. This will help Web Develpers, Students and all the people who want to understand the most common web vulerabilities listed by OWASP.</p><br>
<span id="c"><b>General Instructions</b></span><br>
<ul>
<li>WAVS contains all the vulnerabilities from OWASP Top 10. Go to through the "About" page of every vulnerability before starting the practical.</li>
<li>To start the WAVS, you need a localhost Web Platform Server. We recommend you to use XAMPP. XAMPP is a free and open source cross-platform web server solution stack package developed by Apache Friends, consisting mainly of the Apache HTTP Server, MariaDB database, and interpreters for scripts written in the PHP and SQL programming languages.</li>
<li>You have to install the latest version of XAMPP first in your Operating System. When completed, open the installed folder of "XAMPP", go to "htdocs" and paste the folder "WAVS" inside it.</li>
<li>Once copied, Open your Browser and write "localhost/wavs" OR "127.0.0.1/wavs" in the URL and hit Enter.</li>
<li>You'll find the "Create Database" option. Click on that for creating the database for WAVS and again go to "localhost/wavs" OR "127.0.0.1/wavs".</li>
<li>You'll get the FrontEnd of the WAVS. Enjoy learning how the attacks works.</li>
</ul>
<span id="c"><b>Default Credentials</b></span><br>
<ul>
<li>Username : admin <br> Password : password</li>
<li>Username : admin2 <br> Password : password2</li>
<li>Username : root <br> Password : toor</li>
</ul>
<br><br>
<span id="c"><b>Project Credits - Lucideus and Team HAXONIC</b></span><br><br>
</section>
</main>
<footer class="py-4 bg-light mt-auto">
<div class="container-fluid">
<div class="d-flex align-items-center justify-content-between small">
<div class="text-muted">Copyright © WAVS 2020.</div>
<div>
<a href="#">Privacy Policy</a>
·
<a href="#">Terms & Conditions</a>
</div>
</div>
</div>
</div>
</footer>
</div>
</div>
<script src="https://code.jquery.com/jquery-3.4.1.min.js" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js" crossorigin="anonymous"></script>
<script src="js/scripts.js"></script>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.15.0/js/mdb.min.js"></script>
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
</body>
</html>