Vulnerable websites for testing ?

Hackthebeans · 05-30-2013, 07:40 AM

Can somebody know where I can get vulnerable wordpress or any other engine , install it on hosting and test it ? I want to just learn SQL Injection not for hacking but just for fun and know how it's working. I found something on Google but I don't thinks it's helpful.

Thanks

Ex094 · 05-30-2013, 08:04 AM

You can use Damn Vulnerable Web App, you can simply install it on your local PC via XAMPP or upload to a webhost. Here's the download link http://www.dvwa.co.uk/

Hackthebeans · 05-30-2013, 08:17 AM

Is there any WP app ?

eX094 thanks for the link.

RogueCoder · 05-30-2013, 09:36 AM

Another project you should check out is Mutillidae, you can download it here. It is installed just like DVWA, and it gives you hands on experience with OWASP Top 10 and other things.
It also has different security levels, and extensive hints on every single vulnerability and how they work and can be exploited.

If you just want to try out some simple sql injection you can check out http://sqlzoo.net/hack/

I'm currently working on a vulnerable web application myself, hosted on github. I just have a lot of things to do atm so the progress is a bit slow.
This application also has some tools for trying and saving successful attack strings for sqli and xss. For a preview you can see here

MrGeek · 06-02-2013, 01:04 PM

First Learn SQL Injection,
There are so many WP exploits,
If you have any problem, feel free to post here or PM me

Ex094 · 06-02-2013, 01:12 PM

Agreed! ^^ You should instead first learn Web Exploitation with SQL, SQLi, XSS etc and then try to work them with WP and see if you can come up with some vulnerabilities

soh_cah_toa · 06-05-2013, 08:39 AM

I'm seeing some good advice from these guys. I agree that you need to have the theory down pretty well first. I would recommend reading anything OWASP has to offer regarding SQL injection. I owe a lot of what I know to them.

Try not to focus on just Wordpress injections. Frameworks like WP tend to be difficult to inject into since they employ numerous countermeasures. I'm not saying it's impossible but it's really not a great place to start off at. You're not gonna go anywhere with 'OR''='. Wink

I'm a huge fan of OWASP's WebGoat. You can find it at https://www.owasp.org/index.php/Webgoat. Much like the previous suggestions, it too is a deliberately vulnerable web app for educational purposes. It's pretty awesome.

aliabrar · 11-06-2013, 12:14 PM

(06-02-2013, 01:04 PM)MrGeek Wrote: First Learn SQL Injection,
There are so many WP exploits,
If you have any problem, feel free to post here or PM me

can u tell me any good books which help me to learn about sql injection :troll: plz!!!!!!!

dR.0xYw0Rm · 11-06-2013, 02:05 PM

(11-06-2013, 12:14 PM)aliabrar Wrote:
(06-02-2013, 01:04 PM)MrGeek Wrote: First Learn SQL Injection,
There are so many WP exploits,
If you have any problem, feel free to post here or PM me

can u tell me any good books which help me to learn about sql injection :troll: plz!!!!!!!

Dude, you know that there is a button called "Search" here on HC ?

There are plenty of tutorials about XSS or Sqli in here , you just need to search.

1llusion · 11-06-2013, 06:36 PM

Not really just about SQL injection, but I'll drop it here:
http://hackme.1llusion.info/

And if you want to get into XSS later on:
http://xss.1llusion.info/