19 April 2011 | 11,080 views

BodgeIt Store – Vulnerable Web Application For Penetration Testing


There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.

Features

  • Easy to install – just requires Java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than the 2 in the above line)
  • Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up

There is also a ‘scoring’ page where you can see various hacking challenges and whether you have completed them or not.

Install

All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.

Then point your browser at (for example) http://localhost:8080/bodgeit

The author recommends Zed Attack Proxy to get you started.

You can download BodgeIt Store here:

bodgeit.1.1.0.zip

Or read more here.




2 Responses to “BodgeIt Store – Vulnerable Web Application For Penetration Testing”

  1. DEVIL'S BLOG ON SECURITY 20 April 2011 at 7:52 pm Permalink

    Thanks for the information, now I can have another addition to my list

  2. inzel 27 April 2011 at 4:24 pm Permalink

    Anyone have some guides on this? I have completed most of the “challenges” but seem to be stuck on some stuff. Any help is appreciated