Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jbarone/xxelab
A simple web app with a XXE vulnerability.
https://github.com/jbarone/xxelab
Last synced: 12 days ago
JSON representation
A simple web app with a XXE vulnerability.
- Host: GitHub
- URL: https://github.com/jbarone/xxelab
- Owner: jbarone
- License: mit
- Created: 2016-01-27T03:14:31.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2021-11-10T12:01:04.000Z (over 2 years ago)
- Last Synced: 2024-02-29T15:32:57.373Z (4 months ago)
- Language: HTML
- Size: 50.8 KB
- Stars: 212
- Watchers: 7
- Forks: 60
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-vulnerable-apps - XXE Lab - A simple web app with a XXE vulnerability. (OWASP Top 10 / XXE Injection)
README
# XXE Lab #
This virtual environment is a simple php web application that contains an example of an XML eXternal Entity vulnerability.
## Setting Up ##
This lab is designed to be used in [vagrant](https://www.vagrantup.com/). To get setup, first you need to clone this repo and then start vagrant.
$ git clone https://github.com/jbarone/xxelab.git
$ cd xxelab
$ vagrant up
## Using ##
Once the site is up and running you simple navigate your browser to [http://192.168.33.10](http://192.168.33.10) and have fun.
## Docker ##
You can now run XXELab in a Docker container. Build the image:
$ git clone https://github.com/jbarone/xxelab.git
$ cd xxelab
$ docker build -t xxelab .
Run:
$ docker run -it --rm -p 127.0.0.1:5000:80 xxelab
Open [http://localhost:5000](http://localhost:5000) and have fun.
### Notes ###
This lab works best when you make use of a proxy that will allow you to see the requests and responses. There are many you can use, but here are a few recommended ones:
- [Burp Suite](https://portswigger.net/burp/)
- [Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)
- [Mitm Proxy](https://mitmproxy.org)