⚠️ This is a vulnerable web application designed for educational and penetration testing purposes. Do not deploy on a public-facing server.
- User registration form
- Collects username, email, and password
- Stores user data in the database (with password hashing)
- User login functionality
- Validates credentials against stored database records
- Ends the user session securely
- Redirects to the login or home page
- Allows logged-in users to change their password
- Validates current password before allowing change
- User landing page after login
- Displays user stats, post summaries, or recent activity
- User can view and update their profile information (e.g., name, bio, avatar)
- Form for users to create new blog posts or content entries
- Supports title, body, and optional file/image upload
- Handles file/image uploads securely
- Used by `create_post.php` or `profile.php` for media content
The application is built using the following technologies:
- PHP
Used to handle server-side logic, session management, form processing, and database interactions.
- MySQL
Stores user data, posts, uploads, and other application-related records.
- HTML
Core structure and markup for all web pages.
- Bootstrap
Utilized for responsive design and UI components (buttons, forms, modals, grids, etc.).
- Download `vulnapp.zip` from this link
- Extract the contents into your web server directory: `xampp/htdocs`
- Open XAMPP Control Panel
- Start both:
- Apache
- MySQL
- Open your browser and go to:
http://localhost/phpmyadmin
- Create a new database, e.g., `vulnapp`
- Import the `vulnapp.sql` file into the newly created database
- Open your browser and go to:
http://127.0.0.1
- Open the hosts file:
`sudo nano /etc/hosts`
- Add the following line:
127.0.0.1 vulnapp.com
- Save and exit.
- Open your browser and visit:
http://vulnapp.com
- Open Notepad as Administrator
- Open the file:
C:\Windows\System32\drivers\etc\hosts
- Add the following line:
127.0.0.1 vulnapp.com
- Save and exit.
- Open your browser and visit:
http://vulnapp.com
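
A check for the hosts-file step above, added here as an example and not part of the application: it confirms that `vulnapp.com` maps only to a loopback address, since a missing entry sends the browser to DNS for that name and a non-loopback entry points it at another machine. The function name `check_lab_host` and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the project): verify a lab hostname is pinned to loopback.
# Usage: check_lab_host HOSTS_FILE HOSTNAME
# Prints: loopback-only | missing | exposed:<ip>
check_lab_host() {
    hosts_file=$1
    name=$2
    awk -v name="$name" '
        {
            sub(/#.*/, "")            # strip comments; awk re-splits the fields
            if (NF < 2) next          # need an address plus at least one name
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == tolower(name)) {
                    found = 1
                    # anything outside 127.0.0.0/8 or ::1 is not loopback
                    if ($1 !~ /^127\./ && $1 != "::1") bad = $1
                }
            }
        }
        END {
            if (bad != "")  print "exposed:" bad
            else if (found) print "loopback-only"
            else            print "missing"
        }
    ' "$hosts_file"
}

# Constructed sample hosts file (hypothetical contents, for demonstration only).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1   localhost
127.0.0.1   vulnapp.com   # lab entry from the setup steps
# 203.0.113.10 vulnapp.com  (commented out, so ignored)
EOF

check_lab_host "$sample" vulnapp.com
```

On a real system, pass `/etc/hosts` (or the Windows hosts path from a compatible shell) as the first argument.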