Skip to content

Poremich/owasp-bricks-php8

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
config
config
 
 
content-1
content-1
 
 
content-2
content-2
 
 
content-3
content-3
 
 
content-4
content-4
 
 
content-5
content-5
 
 
content-6
content-6
 
 
images
images
 
 
includes
includes
 
 
javascripts
javascripts
 
 
login-1
login-1
 
 
login-2
login-2
 
 
login-3
login-3
 
 
login-4
login-4
 
 
login-5
login-5
 
 
login-6
login-6
 
 
stylesheets
stylesheets
 
 
upload-1
upload-1
 
 
upload-2
upload-2
 
 
upload-3
upload-3
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
LocalSettings.php
LocalSettings.php
 
 
README.md
README.md
 
 
about.html
about.html
 
 
bricks.html
bricks.html
 
 
content-pages.html
content-pages.html
 
 
docker-compose.yml
docker-compose.yml
 
 
favicon.ico
favicon.ico
 
 
file-upload-pages.html
file-upload-pages.html
 
 
index.php
index.php
 
 
info.php
info.php
 
 
init.sql
init.sql
 
 
login-pages.html
login-pages.html
 
 
oldLocalSettings.php
oldLocalSettings.php
 
 
readme.txt
readme.txt
 
 

Repository files navigation

OWASP Bricks PHP8 - Login-1 Lab

Overview

OWASP Bricks PHP8 is a modified version of the OWASP Bricks project, designed to demonstrate various vulnerabilities in web applications and provide a platform for learning about web security. This specific version of OWASP Bricks has been modified to support PHP 8 and utilizes MySQLi functions for database interaction.

The login-1 lab is the first in a series of labs designed to teach users about common web application security vulnerabilities related to authentication and session management.

Features

Based on OWASP Bricks PHP8 project Updated to support PHP 8 Utilizes MySQLi functions for database interaction Contains a modified login-1 lab for learning about authentication vulnerabilities

Prerequisites

Linux: Ensure you have apache2 and mysql services.

Usage

  1. Go to html folder

bash cd /var/www/html

  1. Clone the repository:

bash git clone https://github.com/mstekh/owasp-bricks-php8.git

  1. Navigate to the project directory:

bash cd owasp-bricks-php8

  1. List files

bash ls

delete file LocalSetting.php with

bash sudo rm LocalSettings.php

  1. Start mysql and apache2 services

bash sudo service mysql start bash sudo service apache2 start

  1. Access the OWASP Bricks PHP8 application:

Using mysql create database bricks. In kali linux user root password toor for mysql.

Open a web browser and navigate to http://localhost/owasp-bricks-php8 to access the OWASP Bricks PHP8 application nd set it up.

image

After submitting download file LocalSettings.php and move it to /var/www/html/owasp-bricks-php8

bash sudo mv LocalSettings.php /var/www/html/owasp-bricks-php8

Open a web browser and navigate to http://localhost/owasp-bricks-php8/login-1/ to access the OWASP Bricks lab-1.

image

Lab Instructions: The login-1 lab is centered around exploiting vulnerabilities related to authentication and session management, specifically focusing on MySQL injections. Your objective is to gain unauthorized access by leveraging MySQL injection techniques.

The login credentials for this lab are: Username: admin Password: admin

Your goal is to log in using MySQL injection methods, demonstrating common web application security issues associated with inadequate input validation and database query construction.

Contributing Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request.

License This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgements Special thanks to the OWASP Bricks project contributors for their work on the original project.

About

owasp-bricks-php8

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 50.1%
  • PHP 31.1%
  • HTML 10.6%
  • CSS 8.1%
  • Dockerfile 0.1%