ZVP (for short) is a project in which I try to simulate real-world web vulnerabilities such as Cross-Site Scripting (XSS), File Inclusion, and OS Command Injection. The project is designed for educational purposes and aims to help users practice web security testing techniques.
- Cross-Site Scripting (XSS)
- File Inclusion (LFI/RFI)
- OS Command Injection
- Dockerized environment for easy setup and use.
- Clone the repository:
  git clone https://github.com/Zeeyad-Sayed/Z-Vulnerable-Website-Project.git
- Navigate to the project directory:
  cd Z-Vulnerable-Website-Project
- Build the Docker image:
  docker build -t vulnerable-website .
- Run the Docker container:
  docker run -d -p 8080:80 vulnerable-website
  - The -p 8080:80 mapping publishes the port on all host interfaces, so run the container only on an isolated or trusted network.
- Access the application in your browser:
  - Open http://localhost:8080 to view the vulnerable web pages.
- Cross-Site Scripting (XSS):
  - Found on the /xss.php page; allows injecting malicious scripts into input fields.
- File Inclusion:
  - Located on /file_inclusion.php; allows LFI and RFI attacks by including files from the server or remote locations.
- OS Command Injection:
  - Present on /os_injection.php; allows the execution of arbitrary system commands through user input.
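For comparison while working through the lab, here is an added example (not code from this project) of hardened PHP counterparts for the three bug classes listed above. The parameter meanings, the pages/ directory and the ping use case are assumptions made for illustration.

```php
<?php
// Added example, not the project's code. The parameter meanings, the pages/
// directory and the ping use case are assumptions made for illustration.

// XSS: encode user input for the HTML context before echoing it.
function render_greeting(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Hello, ' . $safe . '</p>';
}

// File inclusion: map the request value onto a fixed allow-list, so no
// user-controlled string ever reaches include. Keeping allow_url_include
// off in php.ini (its default) also rules out remote includes.
function resolve_page(string $page): ?string
{
    $allowed = [
        'home'  => __DIR__ . '/pages/home.php',
        'about' => __DIR__ . '/pages/about.php',
    ];
    return $allowed[$page] ?? null;
}

// OS command injection: accept only a literal IP address, then quote it so
// the shell sees exactly one argument.
function build_ping_command(string $host): ?string
{
    if (filter_var($host, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    return 'ping -c 1 ' . escapeshellarg($host);
}

// Constructed inputs: each function either neutralises or rejects them.
$results = [
    'markup is encoded'     => render_greeting('<b>"x"</b>'),
    'unknown page rejected' => var_export(resolve_page('not/on/the/list'), true),
    'known page resolved'   => var_export(resolve_page('home') !== null, true),
    'non-IP host rejected'  => var_export(build_ping_command('127.0.0.1; echo x'), true),
    'valid host quoted'     => build_ping_command('127.0.0.1'),
];
foreach ($results as $label => $value) {
    echo $label, ': ', $value, PHP_EOL;
}
```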
This project is for educational purposes only. Any testing or exploitation of systems without prior authorization is illegal.
Feel free to create issues or submit pull requests to improve the project!