Where to find vulnerable code examples?
Where can I find brief examples of code that is vulnerable to cross-site scripting, SQL injection, and others?
Disclaimer: I'm not going to use this code to do harm; we're hoping to use it as a test in part of the interview process.
Comments
Mooseboost: I've been messing with hack.me recently; it is a pretty good resource.
OWASP Mutillidae is another good resource as well. You can get it here: https://sourceforge.net/projects/mutillidae/
As far as actual source code goes, I don't know of anywhere to get just that. But these two should allow someone to prove they have basic web application testing down.
NetworkNewb: Troy Hunt has a site people can access to do this:
https://hackyourselffirst.troyhunt.com/
He has a video going over the vulnerabilities on it as well.
https://www.youtube.com/watch?v=rdHD6pVG66Q
wastedtime: I know one I heard of on the OWASP podcast a few months ago was WebGoat.
ramrunner800: Metasploitable 2 has several vulnerable web apps included in it by default, including Damn Vulnerable Web App, Mutillidae, and WebGoat. The thing you'll need to look out for with any of these openly available learning tools is whether or not they're freely available for commercial use. I honestly don't know, but look into it. I'd also recommend checking out the various intentionally vulnerable VMs available on VulnHub.com.
tedjames: Thanks for the information. We really just want to present a candidate with 10-20 lines of code and ask him to tell us what, if anything, is wrong with it.
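The kind of short snippet tedjames describes, as an added example that is not part of this thread or of any of the projects named in it: a login query and an HTML greeting, each in a vulnerable form beside its fixed form, with a constructed in-memory SQLite table and constructed inputs so the two behaviours can be compared offline.

```python
import html
import sqlite3


def make_db():
    # Constructed sample data so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_vulnerable(db, name, pw):
    # Defect (SQL injection): caller-controlled text becomes part of the
    # SQL statement, so the caller also controls the quoting.
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return db.execute(sql).fetchone() is not None


def login_fixed(db, name, pw):
    # Fixed: parameterized query; values never touch the SQL text.
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return db.execute(sql, (name, pw)).fetchone() is not None


def greet_vulnerable(name):
    # Defect (reflected XSS): untrusted text inserted into HTML unescaped.
    return f"<p>Hello, {name}!</p>"


def greet_fixed(name):
    # Fixed: escape for the HTML context before interpolating.
    return f"<p>Hello, {html.escape(name)}!</p>"


def demo():
    """Run both variants on the same constructed inputs and report results."""
    db = make_db()
    bypass = "' OR '1'='1"            # classic textbook SQLi payload
    probe = "<script>alert(1)</script>"  # classic textbook XSS probe
    return {
        "vuln_login_bypassed": login_vulnerable(db, "nobody", bypass),
        "fixed_login_bypassed": login_fixed(db, "nobody", bypass),
        "vuln_html": greet_vulnerable(probe),
        "fixed_html": greet_fixed(probe),
    }
```

A candidate should spot that the f-string query and the unescaped f-string markup are the two defects, and that the fixes are parameterization and context-appropriate output encoding.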
Techytach: Q: Where to find vulnerable code examples? A: Windows 10
buh dum tsssss
beads: (*WARNING*)
Malc0de Database
If you know what you're doing, this is the best place to reach REAL up-to-date in-the-wild exploit code. If you are unsure or don't know how to capture these samples, simply stay away from it for your own good. These are not samples but up-to-date sites and code being used in the wild.
I suggest you have your onion and other tools like PDF Stream Dumper, et al., up and ready to capture. Script kiddies, please sit this one out.
Hunt and capture at your own risk. I take no responsibility for your own lack of skill in this area.
NetworkNewb: ^^^ You should probably go to that site in a VM if you're going to play around with it.
beads: Yeah, but it's a treasure trove of badness just waiting at your fingertips. All you need to do is go out and capture all the compiled code, copy scripts, download PEs and voilà! You've got a bricked machine!
Hence all the warnings for the pseudo-pen testers out there. This isn't Quake on the "Daddy, don't hurt me" setting.
Cyberscum: Google Dorks List 2016 | Fresh Google Dorks 2016 for SQLi
Google dorks... easy as surfing.
drunkenmaster786: Here is the Google Dorks List 2017, where you can find all SQLi and vulnerable codes. Some Android tricks also.
https://howtechhack.com/google-dorks-list-2017/