BodgeIt Store – Vulnerable Web Application For Penetration Testing


There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.

Features

  • Easy to install – just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than to 2 in the above line)
  • Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up

There is also a ‘scoring’ page where you can see various hacking challenges and whether you have completed them or not.


Install

All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.

Then point your browser at (for example) http://localhost:8080/bodgeit

The author recommends Zed Attack Proxy to get you started.

You can download BodgeIt Store here:

bodgeit.1.1.0.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Secure Coding, Web Hacking

, , , ,


Latest Posts:


SecLists - Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.


2 Responses to BodgeIt Store – Vulnerable Web Application For Penetration Testing

  1. DEVIL'S BLOG ON SECURITY April 20, 2011 at 7:52 pm #

    Thanks for the information, now I can have another addition to my list

  2. inzel April 27, 2011 at 4:24 pm #

    Anyone have some guides on this? I have completed most of the “challenges” but seem to be stuck on some stuff. Any help is appreciated