🎯 PHP / ASP - Shell Backdoor List 🎯

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

Clear all your logs in [linux/windows] servers 🛡️

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.

A Deliberately Insecure Web Application

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

A cutting-edge PHP 7.4+ webshell designed for advanced penetration testing.

Repository contains an online education portal filled with web vulnerabilities.

Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration.

Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. Checks on attribute values. Can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.

Effectively protect your web application from malicious attacks. This lightweight and highly customizable WAF provides HTTP request filtering, blocking SQL injections, XSS attacks, and other potentially dangerous requests.

A collection of vulnerable applications to test the DursGo scanner.

Wordfence Custom "Lockout" and "Blocked" Messages that Maximize Security by minimizing information provided to attackers

Backdoor Collection 👾

Basic SQL Injection Labs in Docker

Fake Instagram Login is a simple project to demonstrate a fake login page for educational purposes. It mimics Instagram's login interface to raise awareness about phishing attacks and online security. Use it for learning and ethical security testing only. Not for malicious activities.