
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

Results 92 VulnerableApp issues

**Describe the bug** Currently the path traversal vulnerability is using query params with a Map: https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java#L93-L94, which should be changed to Spring Boot query param injection directly.

bug
enhancement
good first issue
Tech-Debt

**Is your feature request related to a problem? Please describe.** Blind SSRF is a very important vulnerability and it is currently not present in OWASP VulnerableApp. A good tutorial video...

enhancement
good first issue
Analysis
Major Requirement

**Is your feature request related to a problem? Please describe.** We have not included the Remote File Inclusion vulnerability in the VulnerableApp. A very good tutorial to follow: https://www.youtube.com/watch?v=MHBoCVvzXzc **Describe...

enhancement
good first issue
Analysis
Major Requirement

**Is your feature request related to a problem? Please describe.** Currently, we have 2 levels for LFI vulnerability but because it is a very common vulnerability and has a lot...

enhancement
good first issue
Major Requirement
User Interface Design

Error logs:

```
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'UnrestrictedFileUpload' defined in URL [jar:file:/Users/ksinghsasa/Learning%20Stuff/Web%20Application%20Proxy%20Tools/Payloads/SasanLabs/VulnerableApp/build/libs/VulnerableApp-1.0.0.jar!/BOOT-INF/classes!/org/sasanlabs/service/vulnerability/fileupload/UnrestrictedFileUpload.class]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sasanlabs.service.vulnerability.fileupload.UnrestrictedFileUpload]: Constructor threw exception; nested...
```

bug
good first issue
Need-To-Look
P0

**Is your feature request related to a problem? Please describe.** Analyse the brute-force attack with common passwords for JWT as per the following list: https://raw.githubusercontent.com/wallarm/jwt-secrets/master/jwt.secrets.list. Read more at https://lab.wallarm.com/meet-jwt-heartbreaker-a-burp-extension-that-finds-thousands-weak-secrets-automatically/...

enhancement
good first issue
Minor-Enhancement

**Is your feature request related to a problem? Please describe.** Currently we do not have any unit tests, and hence regression is quite tough to handle. This task is an...

enhancement
good first issue
Tech-Debt

**Is your feature request related to a problem? Please describe.** As OWASP Juice Shop has "How I pwned the Juice Shop", similarly it is better if we have a similar...

enhancement
good first issue
Future Goal
Promotion

For now we have supported standalone vulnerabilities, but when it comes to vulnerabilities like session fixation, CSRF, etc., we need to think more about how we can introduce them in...

enhancement
Framework-changes
Analysis

**Describe the bug** Validate the Billion Laughs attack for the [XXE vulnerability](https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/xxe/XXEVulnerability.java). There is some level that can have a Billion Laughs attack, but we have not tested it. There is a default...

good first issue
Minor-Enhancement
Need-To-Look