VulnShop - redirect

🔓 Vulnerability Demo Pages

This application contains the following intentional vulnerabilities for scanner testing:

Page	Vulnerability	CWE
Home (XSS)	Reflected XSS	CWE-79
Home (Debug)	Information Disclosure (phpinfo)	CWE-200
Login	SQL Injection, No brute-force protection	CWE-89
Register	No CSRF, Stored XSS, Plaintext Password	CWE-352, CWE-79, CWE-256
Forgot Password	Password Disclosure, User Enumeration	CWE-256, CWE-203
Product (SQLi)	SQL Injection (UNION)	CWE-89
Search	Reflected XSS + SQL Injection	CWE-79, CWE-89
Comments	Stored XSS, No CSRF	CWE-79, CWE-352
Profile	IDOR, Sensitive Data Exposure	CWE-639, CWE-200
Admin Panel	Broken Access Control, Command Injection, Path Traversal	CWE-284, CWE-78, CWE-22
File Upload	Unrestricted File Upload	CWE-434
XML Parser	XXE Injection	CWE-611
URL Fetcher	SSRF	CWE-918
Deserialize	Insecure Deserialization	CWE-502
Redirect	Open Redirect	CWE-601