{"id":51014222,"url":"https://github.com/OWASP/Vulnerable-Web-Application","last_synced_at":"2026-07-09T08:00:26.685Z","repository":{"id":37580259,"uuid":"176823794","full_name":"OWASP/Vulnerable-Web-Application","owner":"OWASP","description":"OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber ","archived":false,"fork":false,"pushed_at":"2024-04-10T13:03:37.000Z","size":875,"stargazers_count":326,"open_issues_count":6,"forks_count":315,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-05-01T11:53:31.205Z","etag":null,"topics":["command-execution","directory-traversal","file-upload","php","sql","sql-injection","vulnerable-web-app","web","xss","xss-vulnerability"],"latest_commit_sha":null,"homepage":"https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Application","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-03-20T22:01:15.000Z","updated_at":"2024-05-01T11:17:26.000Z","dependencies_parsed_at":"2022-07-12T16:24:46.766Z","dependency_job_id":null,"html_url":"https://github.com/OWASP/Vulnerable-Web-Application","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/OWASP/Vulnerable-Web-Application","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FVulnerable-Web-Application","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FVulnerable-Web-Application/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FVulnerable-Web-Application/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FVulnerable-Web-Application/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWASP","download_url":"https://codeload.github.com/OWASP/Vulnerable-Web-Application/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FVulnerable-Web-Application/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35291639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-09T02:00:07.329Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command-execution","directory-traversal","file-upload","php","sql","sql-injection","vulnerable-web-app","web","xss","xss-vulnerability"],"created_at":"2026-06-21T08:01:37.629Z","updated_at":"2026-07-09T08:00:26.675Z","avatar_url":"https://github.com/OWASP.png","language":"PHP","funding_links":[],"categories":["Learning Platforms \u0026 Labs"],"sub_categories":["Self-hostable"],"readme":"# Vulnerable Web Application \n\n![VulnWeb](https://github.com/OWASP/Vulnerable-Web-Application/blob/master/Resources/VulnWeb.png)\n\n## What is Vulnerable-Web-Application\n\nVulnerable-Web-Application is a website that is prepared for people who are interested in web penetration and who want to have\ninformation about this subject or to be working. In fact, the website is quite simple to install and use.\n\nVulnerable-Web-Application categorically includes Command Execution, File Inclusion, File Upload, SQL and XSS. For database-requiring\ncategories, it creates a database under localhost with one button during setup. In case of corrupted or changed databases, you can\ncreate a database again.\n\n## Installation Guide\n\nIf you want to run this tool, first of all you need to download web server solution like \"xampp\"- you can download xampp from\n[Xampp](https://www.apachefriends.org/tr/download.html). After your installation;\n\nFor Windows you need to copy the files into the xampp/htdocs folder.\n\nFor Mac Os  you need to install mampp and  copy the files into the mamp/htdocs folder.\n[Mampp](https://www.mamp.info/en/downloads/)\n\nFor Linux after download our files first you need to open apache server and copy the files to /var/www/html\n\n## Docker Container\nYou can also run the **Vulnerable Web Application** in Docker with the folowing command:\n\n```\ndocker run -it --name vuln_app -p 9991:80 santosomar/vuln_app:latest /bin/bash\n```\n**Note**: You can change the port 9991 to any port you desire depending your implementation. \n\n### Other Configurations:\n\nThe `php.ini` file should be  altered. You can find the location of your `php.ini` file under the folder which php is installed.\n- `allow_url_include` = on - Allows for Remote File Inclusion\n- `allow_url_fopen` = on - Allows for Remote File Inclusion\n- `safe_mode` = off - (If PHP \u003c= v5.4) Allows for SQL Injection\n- `magic_quotes_gpc` = off - (If PHP \u003c= v5.4) Allows for SQL Injection\n\n## Application Setup\n\n- After editing the previous configuration, open the Xampp Control Panel and start Apache,MySQL. \n- Your MySQL credentials must stay the default credentials (e.g., username:root \u003c-\u003e password:\"\")\n- Open up the `index.php` file in the \u003cb\u003eVulnerable Web Application\u003c/b\u003e directory. Follow the directions and create database. \n\n**Note**: You can reset the database at any time, if needed or if you run into any problems. Once the database is ready, you can go to homepage and start hacking.\n\n## License\nThe contents of this repository are licensed under the GNU General Public License v3.0.\n \n## Version\n1.0.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOWASP%2FVulnerable-Web-Application","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOWASP%2FVulnerable-Web-Application","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOWASP%2FVulnerable-Web-Application/lists"}