Mutillidae v2.1.20 update, with a full vulnerabilities listing per PHP script

Our previous post: http://www.seclist.us/mutillidae-v-2119-released-with-video.html

Change log for NOWASP (Codename: Mutillidae) 2.1.20:
  •  Changed some color schemes
  •  Bug fix: the HTML5 key validation on the html5 page was too restrictive. The validator was throwing errors even when the input was OK. This validation checks for any non-alphanumeric characters and prints an error if non-alphanumeric characters are found. This error message contains the bad key the user entered. Since the site fails to output-encode this error message, it is possible to perform DOM injection.
  •  Added html5-storage.php to the vulnerabilities listing.
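The html5-storage.php weakness from the change log, as an added illustration that is not Mutillidae's own code: the key is validated as alphanumeric, but on failure the error message is built by concatenating the raw key into markup; the hardened builder HTML-encodes the key first. Function names and the message text are assumptions for the example.

```javascript
// Constructed example, not Mutillidae's own code: the html5-storage add-key
// validation described in the change log, with the error message built both
// the vulnerable way and the hardened way.

// The validator accepts only alphanumeric keys, as the change log describes.
const KEY_PATTERN = /^[A-Za-z0-9]+$/;

function isValidKey(key) {
  return typeof key === "string" && KEY_PATTERN.test(key);
}

// Minimal HTML entity encoding for untrusted text placed into an HTML context.
function htmlEncode(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the rejected key is concatenated into markup unencoded, so any
// markup inside the key becomes part of the DOM once the message is rendered
// via innerHTML. This is the DOM injection the change log refers to.
function buildErrorMessageVulnerable(key) {
  return '<span class="error">Key ' + key + " is not alphanumeric</span>";
}

// Hardened: the key is HTML-encoded before insertion, so the browser renders
// it as literal text. (Assigning the key via textContent avoids the issue too.)
function buildErrorMessageSafe(key) {
  return '<span class="error">Key ' + htmlEncode(key) + " is not alphanumeric</span>";
}

// Emulates the add-key handler: returns the markup the page would render for a
// rejected key, or null when the key passes validation.
function addKeyErrorMarkup(key, safe) {
  if (isValidKey(key)) return null;
  return safe ? buildErrorMessageSafe(key) : buildErrorMessageVulnerable(key);
}

// Demonstration with a constructed key that contains markup.
const demoKey = "<b>not</b>";
console.log("vulnerable:", addKeyErrorMarkup(demoKey, false));
console.log("hardened:  ", addKeyErrorMarkup(demoKey, true));
```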
Vulnerabilities Listing:

add-to-your-blog.php
  •  SQL injection on blog entry
  •  SQL injection on logged-in user name
  •  Cross-site scripting on blog entry
  •  Cross-site scripting on logged-in user name
  •  Log injection on logged-in user name
  •  CSRF
  •  JavaScript validation bypass
  •  XSS in the form title via logged-in username
  •  The show-hints cookie can be changed by the user to enable hints even though they are not supposed to show in secure mode

arbitrary-file-inclusion.php
  •  System file compromise
  •  Load any page from any site

authorization-required.php
  •  No known vulnerabilities. We should add something.
  •  This page is only used in secure mode. In insecure mode, the site does not authorize the user.

browser-info.php
  •  XSS via the Referer HTTP header
  •  JS injection via the Referer HTTP header
  •  XSS via the User-Agent string HTTP header

capture-data.php
  •  XSS via any GET, POST, or cookie value

captured-data.php
  •  XSS via any GET, POST, or cookie value

closedb.inc*
  •  No known vulnerabilities. We should add something.

config.inc*
  •  Contains unencrypted database credentials

credits.php
  •  Unvalidated redirects and forwards

dns-lookup.php
  •  Cross-site scripting on the host/IP field
  •  O/S command injection on the host/IP field
  •  This page writes to the log; SQLi and XSS on the log are possible
  •  GET for POST is possible because reading only POSTed variables is not enforced

footer.php*
  •  Cross-site scripting via the HTTP_USER_AGENT HTTP header

framer.html
  •  Forms caching
  •  Click-jacking

framing.php
  •  Click-jacking

header.php*
  •  XSS via logged-in user name and signature
  •  The "Setup/reset the DB" menu item can be enabled by setting the uid value of the cookie to 1

home.php
  •  No known vulnerabilities. We should add something.

html5-storage.php
  •  DOM injection on the add-key error message, because the key entered is output into the error message without being encoded

index.php*
  •  XSS via the hints-enabled output in the menu, because it takes its input from the hints-enabled cookie value
  •  SQL injection via the UID cookie value, because it is used to do a lookup
  •  Rank can be changed to admin by altering the UID value
  •  HTTP response splitting via the logged-in user name, because it is used to create an HTTP header
  •  This page is responsible for cache control but fails to do so
  •  This page exposes the X-Powered-By HTTP header
  •  HTML comments
  •  There are secret pages that redirect the user to phpinfo.php when browsed to; they can be found via brute forcing

installation.php
  •  No known vulnerabilities. We should add something.

log-visit.php
  •  SQL injection and XSS via the Referer HTTP header
  •  SQL injection and XSS via the User-Agent string

login.php
  •  Authentication bypass SQL injection via the username field and password field
  •  SQL injection via the username field and password field
  •  XSS via the username field
  •  JavaScript validation bypass

notes.php
  •  No known vulnerabilities. We should add something.

opendb.inc*
  •  No known vulnerabilities. We should add something.

page-not-found.php
  •  No known vulnerabilities. We should add something.
  •  This page is only used in secure mode. In insecure mode, the site does not validate the "page" parameter.

password-generator.php
  •  JavaScript injection

pen-test-tool-lookup.php
  •  JSON injection

php-errors.php
  •  No known vulnerabilities. We should add something.

phpinfo.php
  •  This page gives away the PHP server configuration
  •  Application path disclosure
  •  Platform path disclosure

process-commands.php
  •  Creates cookies but does not mark them HttpOnly

process-login-attempt.php
  •  Same as login.php. This is the action page.

redirectandlog.php
  •  Same as credits.php. This is the action page.

register.php
  •  SQL injection and XSS via the username, signature and password fields

rene-magritte.php
  •  Click-jacking

robots.txt
  •  Contains directories that are supposed to be private

secret-administrative-pages.php
  •  This page gives hints about how to discover the server configuration

set-background-color.php
  •  Cascading style sheet injection and XSS via the color field

set-up-database.php
  •  No known vulnerabilities. We should add something.

show-log.php
  •  Denial of service if you fill up the log
  •  XSS via the hostname, client IP, browser HTTP header, Referer HTTP header, and date fields

site-footer-xss-discusson.php
  •  XSS via the User-Agent string HTTP header

source-viewer.php
  •  Loads any arbitrary file, including operating system files

text-file-viewer.php
  •  Loads any arbitrary web page on the Internet or locally, including the site's password files
  •  Phishing

usage-instructions.php
  •  No known vulnerabilities. We should add some.

user-info.php
  •  SQL injection to dump all usernames and passwords via the username field or the password field
  •  XSS via any of the displayed fields; inject the XSS on the register.php page
  •  XSS via the username field

user-poll.php
  •  Parameter pollution
  •  GET for POST
  •  XSS via the choice parameter
  •  Cross-site request forgery to force user choice

view-someones-blog.php
  •  XSS via any of the displayed fields; they are input on the add-to-your-blog page

Download: LATEST-mutillidae-2.1.20.zip (7.1 MB)
Read more here: http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10