
bWAPP - an extremely buggy web application!

Written By mediana saputra on Saturday, 12 January 2013 | 06:06

bWAPP, or a buggy web application, is a free and open source web application built to allow security enthusiasts, students and developers to better secure web applications. It is for educational purposes only.

bWAPP contains a lot of vulnerabilities from the OWASP Top 10 project.

It includes:
*/ injection vulnerabilities like SQL, HTML, command and mail injections
*/ Cross-Site Scripting (XSS)
*/ Cross-Site Request Forgery (CSRF)
*/ malicious file uploads
*/ authentication, authorization and session management issues
*/ directory traversal
*/ information disclosures
*/ configuration issues
*/ much more...

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows using Apache and MySQL. It can also be installed with WAMP or XAMPP.

This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. IT security, ethical hacking, training and fun... all mixed together.

bWAPP - Bug fixes and new features

Current version: bWAPP v1.01 updated on 10/01/2013

Bug fixes:

*/ PHP session errors
*/ connection setting issues (setting 'localhost:3306' not valid)
*/ time period for the 'security_level' cookie has changed to 1 year

New features:

It is pretty easy to install bWAPP. Requirements:
*/ Windows, Linux, Unix, Mac OS,...
*/ a web server (Apache, IIS,...)
*/ the PHP extensions
*/ a MySQL installation
*/ (or you could install WAMP or XAMPP)

Installation steps

No! I will not explain how to install Apache/IIS, PHP and MySQL :)

*/ Extract the 'zip' or 'tar' file.

example on Linux:

tar -xvf bWAPP.tar

*/ Move the directory 'bWAPP' (and the entire content) to the root of your web server.

*/ Give full permission to the folders 'passwords' and 'images'.

example on Linux:

chmod 777 passwords/
chmod 777 images/

*/ Edit the file 'config.inc' with your own MySQL settings.

$server = "localhost"; // your database server (IP/name), here 'localhost'
$username = "root"; // your MySQL user, here 'root'
$password = ""; // your MySQL password, here 'blank'

*/ Browse to the file 'install.php' in the directory 'bWAPP'.

example: http://localhost/bWAPP/install.php

*/ Click on 'here' (Click 'here' to install bWAPP).

The database 'bWAPP' will be created.

*/ Go to the login page. If you browse the bWAPP root folder you will be redirected.

example: http://localhost/bWAPP/
example: http://localhost/bWAPP/login.php

*/ Login with the default credentials or make a new user.

default credentials: bee/bug

*/ You are ready to explore and exploit bWAPP!
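
The extract, move, permission and 'config.inc' steps above as one shell function. This is an added example, not part of the bWAPP distribution; it assumes the archive unpacks to a top-level 'bWAPP' directory with 'passwords' and 'images' directly inside it, and the function names are made up here.

```shell
#!/bin/sh
# Added example (not from the bWAPP project): the install steps as one function.
# Assumptions: the archive unpacks to a top-level 'bWAPP' directory, and
# config.inc is located with find because the page does not give its path.

# The settings land inside PHP double-quoted strings, so refuse characters
# that would end the string or trigger variable interpolation.
php_safe() {
    for v in "$@"; do
        case $v in *'"'*|*'\'*|*'$'*)
            echo "unsafe character in setting" >&2; return 1 ;;
        esac
    done
}

# set_php_var FILE NAME VALUE: rewrite the line  $NAME = "...";  keeping its comment.
set_php_var() {
    tmp=$(mktemp) || return 1
    VAL=$3 awk -v n="\$$2" '
        index($0, n " = \"") == 1 {
            rest = substr($0, length(n) + 5)        # text after the opening quote
            $0 = n " = \"" ENVIRON["VAL"] substr(rest, index(rest, "\""))
        }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# install_bwapp ARCHIVE WEBROOT DB_SERVER DB_USER DB_PASS
install_bwapp() {
    archive=$1 webroot=$2
    php_safe "$3" "$4" "$5" || return 1
    [ -f "$archive" ] && [ -d "$webroot" ] || { echo "bad archive or web root" >&2; return 1; }
    ! [ -e "$webroot/bWAPP" ] || { echo "$webroot/bWAPP already exists" >&2; return 1; }
    work=$(mktemp -d) || return 1
    case $archive in
        *.zip) unzip -q "$archive" -d "$work" ;;
        *)     tar -xf "$archive" -C "$work" ;;
    esac && [ -d "$work/bWAPP" ] && mv "$work/bWAPP" "$webroot/"
    rc=$?; rm -rf "$work"; [ "$rc" -eq 0 ] || return 1
    # The page's permission step for 'passwords' and 'images'.
    chmod 777 "$webroot/bWAPP/passwords" "$webroot/bWAPP/images" || return 1
    cfg=$(find "$webroot/bWAPP" -name config.inc -type f | head -n 1)
    [ -n "$cfg" ] || { echo "config.inc not found" >&2; return 1; }
    set_php_var "$cfg" server "$3" &&
    set_php_var "$cfg" username "$4" &&
    set_php_var "$cfg" password "$5"
}
```

Source the file and call install_bwapp with the archive, your web server root and your three MySQL settings; the browser steps ('install.php', login) remain manual.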


