bWAPP

Home

/ A1 - Injection / SQL Injection (Search) SQL Injection (Select) / A3 - Cross-Site Scripting (XSS) / Cross-Site Scripting - Reflected (GET) Cross-Site Scripting - Reflected (POST) / A6 - Sensitive Data Exposure / HTML5 Web Storage (Secret) / A7 - Missing Functional Level Access / Remote & Local File Inclusion

Hi little bees,

This page is dedicated to MMEIT's bWAPP project.
bWAPP is an open source "buggy web application", a sandbox for IT Sec enthusiasts in which you can play and test security flaws for the sake of hacking.
I will try here to help beginners in exploiting some of the security flaws in bWAPP.
However, I recommend you to play with it first to learn as much as possible by yourself.
You can then come here to have further guidance.

Two versions of bWAPP are available :

• bWAPP : The Php/Mysql application
• Bee-box : A (Exploitable) virtual machine running on ubuntu linux with bWAPP preinstalled

You can download and install bWAPP from here.

Follow me on twitter @philophobia78 for infosec concerns.

bWAPP Exploited / © 2013 David Bloom (Twitter @philophobia78)