Last Updated: 2023-09-12 09:43:05
Twitter vulnerable snippets
Languages: PHP, Python, Go, JavaScript, Shell, CSS, HTML, C, Dockerfile, Java
YesWeHack presents code snippets containing several different vulnerabilities to practice your code analysis. The code snippets are beginner friendly but suitable for all levels!
~ New vulnerable code snippet at Twitter @yeswehack every Friday! 🗒
If you want to see something special or if you just have an idea about a vulnerable code snippet, feel free to create a "New Issue" where you explain your idea. No idea is stupid.
Be sure to run this in a secure environment, as the code is vulnerable and is intended to be used for learning code analysis!
A Collection of all vulnerable code snippets posted on our Twitter 📂
📜#1 - SQLi & XSS | Backslash filter collide
📜#2 - Improper file access & XSS | Invalid char and regex verification
📜#3 - Log Forging injection, Path traversal & Code injection | Poor filter and improper include() handling
📜#4 - XSS | Invalid user input filter
📜#5 - SSRF & Broken authorization | Trusted user input and client IP from header
📜#6 - SSTI | Mixed input format
📜#7 - SQLi | Use of invalid variable within statement
📜#8 - CSRF | No CSRF token included
📜#9 - Open Redirect | Invalid regex handler
📜#10 - DOM XSS | Backend filter collide with client side JavaScript
📜#11 - CORS | Misconfigured Access-Control-Allow header
📜#12 - CSRF/ClickJacking | GET request CSRF with insecure delete process / ClickJacking - X-Frame-Options set in HTML meta tag
📜#13 - Path Traversal/Unrestricted File Upload | Poor Path Traversal and file upload protection results in a code injection
📜#14 - DOS | Incorrect operator handler in "for loop"
📜#15 - Weak Password Recovery Mechanism for Forgotten Password | Weak hash for password recovery
📜#16 - IDOR | insecure if statement leads to improper access control
📜#17 - Insecure deserialization | Execute trusted user input inside pickle function "loads()"
📜#18 - Path Traversal | Improper user validation of filename
📜#19 - Open Redirect | Invalid handling of user-controlled input "location.hash"
📜#20 - SQL injection | Invalid use of function replace(); the char is only replaced once
📜#21 - PostMessage DOM XSS | No origin validation, leading to PostMessage DOM XSS
📜#22 - XSS/OpenRedirect | The filter protection does not filter all special characters that can be used to exploit the vulnerabilities
📜#23 - Buffer overflow | Take user's STDIN input with the gets() function without checking the buffer size
📜#24 - SQL injection | Incorrect use of the PHP function "addslashes()"
📜#25 - XSS - CSP bypass | No validation of user input along with insecure handling of nonce
📜#26 - Path Traversal | The filter provided by the PHP function "preg_replace()" is limited to filtering only the first 10 characters
📜#27 - Web Cache Poisoning | The HTTP header "Referer" is reflected in the cached response body without being filtered
📜#28 - Business logic vulnerability | An attacker can withdraw negative amounts to increase the overall balance of their account
📜#29 - IDOR | An attacker can gain access to sensitive data from other users by performing a Forced browsing attack
📜#30 - Insecure deserialization | Use of a dangerous function (exec) that can be controlled by the user, resulting in an RCE
📜#31 - LFI | No proper character escaping or filter verification. The "include()" function executes all PHP code in the given file, no matter the file extension, resulting in code injection
📜#32 - Format injection! | Format a string containing values provided by the client, resulting in a format injection
📜#33 - SQL injection (second order) | All SQL queries use prepared statements except the last one. This statement extracts a value from the database that was once controlled by the user and adds it to the SQL query, leading to an SQL injection (second order)
📜#34 - Regular expression Denial of Service (ReDoS) | Poorly configured regex pattern used to filter user-controlled input
📜#35 - XSS | Trusted user input in GET parameter
📜#36 - Unrestricted File Upload | Insufficient validation of the file extension of the uploaded file and missed validation of the file content
Also included
This will create a new MySQL user and a database for the vulnerable code snippet to use. (You should not move code snippets or any other file within the repo.)
git clone https://github.com/yeswehack/vulnerable-code-snippets.git
⚠️ Replace '<USERNAME>', '<PASSWORD>' and '<DATABASE>' and remove the #. This will be your new MySQL vulnerable snippet user, password and database (MySQL must be installed).
Make sure you're in the correct folder when running these commands.
sudo apt update;
sudo systemctl start mysql;
cd db/;
chmod +x setupVsnippet.sh;
./setupVsnippet.sh # '<USERNAME>' '<PASSWORD>' '<DATABASE>';
sudo systemctl restart mysql;
Inside the vulnerable snippet folder use: (Get the newest code snippets)
git pull
~ H4v3 y0u f0und th3 E4st3r 3gg y3t? 🐇🪺
For questions, help, or if you have discovered a problem with the code, contact us on Twitter: @yeswehack 📬