README.md

darkly

This project is an introduction to the web security. The goal is to find 14 vulnerabilities in the web-app.

env

To use the scripts set IPADDR env variable to the current ip address of the app.
For example, export IPADDR=192.168.64.4

Vulnerability/Attack/Exploit:

• Form Validation
• Reflected XSS
• Stored XSS
• Broken Authentication
• Brute Force Credentials
• Path Traversal
• Referer Spoofing
• Security Misconfiguration
• Scraping
• SQLi (images)
• SQLi (members)
• Unrestricted File Upload
• Unvalidated Redirects
• Web-Parameter-Tampering