12 March 2010 | 10,809 views

Vicnum – Lightweight Vulnerable Web Application

Check For Vulnerabilities with Acunetix

Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross site scripting, sql injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises.

Being a small web application with no complex framework involved, Vicnum can easily be invoked and tailored to meet a specific need. For example if a test vulnerable application is needed in evaluating a web security scanner or a web application firewall, you might want to control a target web application to see what the scanner can find and what the firewall can protect.

Ultimately the major goal of this project is to strengthen security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app. And of course it’s OK to have a little fun.

The guessing part of the game itself is quite fun too, there’s an online version of Vicnum hosted here:

http://vicnum.ciphertechs.com/

I can guess the number correctly with 1 try every time (that’s an easy one), also got an SQL injection to dump out all the scores recorded. Seeing what else can be done now.

It’s actually quite a fun one to play around with.

You can download Vicnum v1.4 here:

VMvicnum14.zip

Or read more here.



Recent in Exploits/Vulnerabilities:
- Everything You Need To Know About POODLE SSLv3 Vulnerability
- OpenVPN Vulnerable To Shellshock Exploit
- Everything You NEED To Know About Shellshock Bug In BASH

Related Posts:
- WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation
- BodgeIt Store – Vulnerable Web Application For Penetration Testing
- Hack.me – Build, Host & Share Vulnerable Web Application Code

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 227,818 views
- AJAX: Is your application secure enough? - 119,146 views
- eEye Launches 0-Day Exploit Tracker - 85,072 views

Advertise on Darknet

Comments are closed.