This repository has been archived by the owner on Aug 17, 2023. It is now read-only.
index.php
<?php
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<title>Damn Vulnerable Web Services </title>
<?php require("".dirname(__FILE__)."/bootstrap.php") ?>
</head>
<body>
<!-- Sidebar -->
<div id="wrapper">
<div class="col-md-3">
<?php require("".dirname(__FILE__)."/sidebar.php") ?>
</div>
<!-- Page Content -->
<div id="page-content-wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-lg-12">
<h1>Damn Vulnerable Web Services </h1>
<p>In the modern web, web services are the backbone of a web application. Furthermore, web services can be implemented in numerous ways using the SOAP and REST protocols. Implementing these services securely can be non-trivial for developers because of the broad attack surface.</p>
<p>Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.</p>
<p>The aim of this project is to help security professionals learn about Web Application Security through the use of a practical lab environment.</p>
<p align="justify">
This application includes the following vulnerabilities.
</p>
<ul>
<li>WSDL Enumeration</li>
<li>XML External Entity Injection</li>
<li>XML Bomb Denial-of-Service</li>
<li>XPath Injection</li>
<li>WSDL Scanning</li>
<li>Cross-Site Tracing</li>
<li>OS Command Injection</li>
<li>Server Side Request Forgery</li>
<li>SQL Injection</li>
<li>Same Origin Method Execution</li>
<li>JSON Web Token (JWT) Secret Key Brute Force</li>
<li>Cross-Origin Resource Sharing</li>
</ul>
<p>
Enjoy and hack the planet!
</p><br>
<p><strong>Copyright</strong><br>
This work is licensed under GNU GENERAL PUBLIC LICENSE Version 3. <br>
To view a copy of this license, visit <a href="http://www.gnu.org/licenses/gpl-3.0.txt">Gnu.org</a>
</p>
<a href="#menu-toggle" class="btn btn-default" id="menu-toggle">Toggle Menu</a>
</div>
</div>
</div>
</div>
<!-- /#page-content-wrapper -->
</div>
<!-- /#wrapper -->
<!-- jQuery -->
<script src="js/jquery.js"></script>
<!-- Bootstrap Core JavaScript -->
<script src="js/bootstrap.min.js"></script>
<!-- Menu Toggle Script -->
<script>
$("#menu-toggle").click(function(e) {
e.preventDefault();
$("#wrapper").toggleClass("toggled");
});
</script>
</body>
</html>