A bad site

This is an example of a vulnerable site rife with PHP/SQL injection and several questionable design choices.
- Don't edit the source files (besides the config)
- Yes, you do have all of the files at your disposal; the challenge is to fix them
- Show tables
- Get admin
- Find/document all of the vulnerabilities. Make the pull request.
change lib/config.php to match your local environment
- make a development folder inside of \htdocs\
    cd <XAMPP installation folder>/htdocs/<development folder>
    git clone https://github.com/mjrerle/badsite
- edit lib/config.php:
- change public $url_local=''; to
    public $url_local = "<path/to/dev/folder>";
- run XAMPP
- start Apache server
- open web browser, go to "localhost:80"
- make a development folder inside of \htdocs\
- navigate to
- go to https://github.com/mjrerle/badsite
- click on "# releases"
- download source code, save to \htdocs\<development folder>
- change public $url_local=''; to
    public $url_local = "<path/to/dev/folder>";
- run XAMPP
- start Apache server
- open web browser, go to "localhost:80"
- start PuTTY
- use default settings and enter @.cs.colostate.edu under "Host Name or IP Address"
- enter password, say "yes/no" to the prompt
    mkdir -p public_html/<development folder>
    cd public_html/<development folder>
    git clone https://github.com/mjrerle/badsite
- change public $url_public=''; to
    public $url_public = "~<username>";
- run perms.sh (gives appropriate permissions)
- open web browser, go to http://www.cs.colostate.edu/~username
- make a development folder inside of /htdocs/
    cd <XAMPP installation folder>/htdocs/<development folder>
    git clone https://github.com/mjrerle/badsite
- change public $url_local=''; to
    public $url_local = "<path/to/dev/folder>";
- run XAMPP
- start Apache server
- open web browser, go to "localhost:80"
    mkdir -p public_html/<development folder>
    cd public_html/<development folder>
    git clone https://github.com/mjrerle/badsite
- change public $url_public=''; to
    public $url_public = "~<username>";
- run perms.sh (gives appropriate permissions)
- open web browser, go to http://www.cs.colostate.edu/~username
- make a development folder inside of Applications/<MAMP installation folder>/htdocs/
    cd Applications/<MAMP installation folder>/htdocs/<development folder>
    git clone https://github.com/mjrerle/badsite
- change public $url_local=''; to
    public $url_local = "<path/to/dev/folder>";
- run MAMP
- start Apache server
- open web browser, go to "localhost:8888"
    mkdir -p public_html/<development folder>
    cd public_html/<development folder>
    git clone https://github.com/mjrerle/badsite
- change public $url_public=''; to
    public $url_public = "~<username>";
- run perms.sh (gives appropriate permissions)
- open web browser, go to http://www.cs.colostate.edu/~username