There are various vulnerable web applications out there for honing your skills or testing the latest web vulnerability scanner you downloaded. One such package is Damn Vulnerable Web App – Learn & Practise Web Hacking.
There are others such as:
- Vicnum – Lightweight Vulnerable Web Application
- Web Security Dojo – Training Environment For Web Application Security
Another I learned of recently is WackoPicko. It is basically a website that contains known vulnerabilities, and it was first used for the paper Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners [PDF].
To Install From Source
Download the source package as below, then import the WackoPicko database into MySQL using a command like the following (replace MYSQL_USER with a MySQL account that is allowed to create users and databases):
mysql -u MYSQL_USER -p < current.sql
This will create the MySQL user WackoPicko with the password webvuln!@# as well as create the WackoPicko table. The final step is to enable read/write access to the upload directory of WackoPicko for the webserver user. An easy way to do this is:
chmod 777 -R upload
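A narrower alternative to mode 777, as an added example that is not part of the original post or the WackoPicko package: it gives the web server write access to the upload directory through group ownership and then checks that nothing under it is still world-writable. The function names are hypothetical, and the group the web server runs as (www-data on Debian/Ubuntu, apache on RHEL-family systems) is an assumption you pass in.

```shell
#!/usr/bin/env bash
# Added example (not WackoPicko's own code): group-based write access for the
# upload directory instead of world-writable mode 777.

# restrict_upload DIR GROUP
# Hands DIR to GROUP, gives owner and group read/write, and removes every
# permission for "other". GROUP is an assumption: the web server's group.
restrict_upload() {
    local dir=$1 group=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    chgrp -R -- "$group" "$dir" || return 1
    # X keeps search permission on directories (and on files already executable).
    chmod -R -- u=rwX,g=rwX,o= "$dir" || return 1
    # setgid on directories so files created later inherit the group.
    find "$dir" -type d -exec chmod g+s {} + || return 1
}

# count_world_writable DIR
# Prints how many entries under DIR (DIR included) are writable by "other".
count_world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# Run as a script:  ./restrict_upload.sh upload www-data
if [ "$#" -eq 2 ]; then
    restrict_upload "$1" "$2" && count_world_writable "$1"
fi
```

Run it as a user who owns the directory and belongs to the target group, or as root; a printed count of 0 means no world-writable entries remain.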