| Field | Value |
|---|---|
| ID | 1 |
| Username | admin |
| Email | admin@vulnerable.local |
| Password | admin123 |
| Role | admin |
Try changing user_id in the URL to view other users' profiles.
This application contains the following intentional vulnerabilities for scanner testing:
| Page | Vulnerability | CWE |
|---|---|---|
| Home (XSS) | Reflected XSS | CWE-79 |
| Home (Debug) | Information Disclosure (phpinfo) | CWE-200 |
| Login | SQL Injection, No brute-force protection | CWE-89 |
| Register | No CSRF, Stored XSS, Plaintext Password | CWE-352, CWE-79, CWE-256 |
| Forgot Password | Password Disclosure, User Enumeration | CWE-256, CWE-203 |
| Product (SQLi) | SQL Injection (UNION) | CWE-89 |
| Search | Reflected XSS + SQL Injection | CWE-79, CWE-89 |
| Comments | Stored XSS, No CSRF | CWE-79, CWE-352 |
| Profile | IDOR, Sensitive Data Exposure | CWE-639, CWE-200 |
| Admin Panel | Broken Access Control, Command Injection, Path Traversal | CWE-284, CWE-78, CWE-22 |
| File Upload | Unrestricted File Upload | CWE-434 |
| XML Parser | XXE Injection | CWE-611 |
| URL Fetcher | SSRF | CWE-918 |
| Deserialize | Insecure Deserialization | CWE-502 |
| Redirect | Open Redirect | CWE-601 |