Where to find vulnerable code examples?

tedjames Member Posts: 1,179
Where can I find brief examples of code that is vulnerable to cross-site scripting, SQL injection, and others?

Disclaimer: I'm not going to use this code to do harm; we're hoping to use it as a test in part of the interview process.

Comments

  • Mooseboost Member Posts: 778
    I've been messing with hack.me recently - it is a pretty good resource.

    OWASP Mutillidae is another good resource as well. You can get it here: https://sourceforge.net/projects/mutillidae/

    As far as actual source code goes, I don't know of anywhere to get just that. But, these two should allow someone to prove they have basic web application testing down.
  • NetworkNewb Member Posts: 3,298
    Troy Hunt has a site people access to do things
    https://hackyourselffirst.troyhunt.com/

    He has a video going over the vulnerabilities on it as well.
    https://www.youtube.com/watch?v=rdHD6pVG66Q
  • wastedtime Member Posts: 586
    I know one I heard of on the OWASP podcast a few months ago was WebGoat.
  • ramrunner800 Member Posts: 238
    Metasploitable 2 has several vulnerable webapps included in it by default, including Damn Vulnerable Web App, Mutillidae, and WebGoat. The thing you'll need to look out for with any of these openly available learning tools is whether or not they're freely available for commercial use. I honestly don't know, but look into it. I'd also recommend checking out the various intentionally vulnerable VMs available on VulnHub.com.
    Currently Studying For: GXPN
  • tedjames Member Posts: 1,179
    Thanks for the information. We really just want to present a candidate with 10-20 lines of code and ask him to tell us what, if anything, is wrong with it.
  • Techytach Member Posts: 140
    Q: Where to find vulnerable code examples?

    A: Windows 10

    buh dum tsssss
  • ITSpectre Member Posts: 1,040
    Techytach wrote:
    Q: Where to find vulnerable code examples?

    A: Windows 10

    buh dum tsssss

    HA!!!!
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • beads Member Posts: 1,531
    (*WARNING*)

    Malc0de Database

    If you know what you're doing, this is the best place to reach REAL up-to-date, in-the-wild exploit code. If you are unsure or don't know how to capture these samples, simply stay away from it for your own good. These are not samples but up-to-date sites and code being used in the wild.

    Suggest you have your onion and other tools like PDF Stream Dumper, et al. up and ready to capture. Script kiddies, please sit this one out.

    Hunt and capture at your own risk. I take no responsibility for your own lack of skill in this area.

    - b/eads
  • NetworkNewb Member Posts: 3,298
    ^^^ should probably go to that site in a VM if you're gonna play around with it
  • beads Member Posts: 1,531
    Yeah, but it's a treasure trove of badness just waiting at your fingertips. All you need to do is go out and capture all the compiled code, copy scripts, download PEs and voilà! You've got a bricked machine!

    Hence all the warnings for the pseudo-pen testers out there. This isn't Quake: "Daddy, don't hurt me" setting.

    - b/eads
  • Cyberscum Member Posts: 795
    Google dorks...easy as surfing
  • drunkenmaster786 Registered Users Posts: 1
    Here is the Google Dorks List 2017 where you can find all SQLi and vulnerable codes. Some Android tricks also.

    https://howtechhack.com/google-dorks-list-2017/