XSS, CSRF, SQLi, RFI attacks/defences in eClass site.

Related tags

Security Web-Pentesting-eClass
Overview

Open eClass 2.3

Disclaimer

This repository contained a vulnerable version of eclass (check very first commit for initial version, if you want to experiment on your self). It can be only used as assignment material Computer Security, don't use it for any other uses.

Docker usage

# create and start (the first run takes time to build the image)
docker-compose up -d

# stop/restart
docker-compose stop
docker-compose start

# stop and remove
docker-compose down -v

Hit http://localhost:8001/ in your browser. If this is your first visit you must run the site installer in the browser.

eclass Settings

  • Database
    • Host : db
    • User : root
    • Password : 1234
  • System Settings
    • Open eClass URL : http://localhost:8001/ (mind the /)
    • Admin's username : drunkadmin

2020 Project 1

Assignment readings: https://ys13.chatzi.org/assets/projects/project1.pdf

Μέλη ομάδας

  • sdi1800105, Χαράλαμπος Μαραζιάρης - Harry Maraziaris
  • sdi1800119, Βησσαρίων Μουτάφης - Vissarion Moutafis
You might also like...
Symfony bundle that provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications

CSRF Cookie Bundle This Symfony bundle provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications requesting endpoints

David Neustadt 8 Nov 28, 2022
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

㊙️ AntiXSS "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inje

Lars Moelleken 570 Dec 16, 2022
A functional and simple rate limit control to prevent request attacks ready-to-use for PHP.

RateLimitControl A functional and simple rate limit control to prevent request attacks ready-to-use for PHP. Features: Prepared statements (using PDO)

b(i*2)tez 5 Sep 16, 2022
API in PHP for DDoS Attacks (sends a command to a SSH Server from a URL)

SSH-PHP-API API in PHP for DDoS Attacks (sends a command to a SSH Server from a URL) [Install on Ubuntu 20.04: apt install apache2 php php-fpm php-ssh

Вентокс 3 Sep 23, 2022
Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes
Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes

Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes

Julien Voisin 625 Jan 3, 2023
Slim Framework CSRF protection middleware

Slim Framework CSRF Protection This repository contains a Slim Framework CSRF protection PSR-15 middleware. CSRF protection applies to all unsafe HTTP

Slim Framework 302 Dec 11, 2022
PHP Template Attribute Language — template engine for XSS-proof well-formed XHTML and HTML5 pages

PHPTAL - Template Attribute Language for PHP Requirements If you want to use the builtin internationalisation system (I18N), the php-gettext extension

PHPTAL 175 Dec 13, 2022
Second Stage XSS

SSX Second Stage XSS, This tool will help you to exploit XSS more deeply. Installation: Clone this project This app need permission to write on curren

Dimaz Arno 5 Jul 23, 2022
A simple place to learn XSS
A simple place to learn XSS

XSSPlayground A simple place to learn XSS. Made for myself to learn and to help others (please do use!) Disclaimer This is a works in progress and wil

ac1d 23 Jun 21, 2022
Test a method against a list of XSS known.

php-xss-tests Test a method against a list of XSS known. How to run Just execute "run.sh", it will start a docker container to do all stuff. How I kno

null 1 Oct 25, 2021
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

TYPO3 GitHub Department 22 Dec 14, 2022
This website for web pentesters and beginner bug bounty hunters,You can improve your hacking skills by practicing xss in this lab.

XSSLab [Not finished yet, it's under development] XSSLab is a vulnerable website coded By Mahdi Jaber "Mr MJT" {in digital world}.. By XSSLab you can

Mr MJT [Mahdi Jaber] 7 Aug 30, 2022
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
A wrapper of voku/anti-xss for Laravel
A wrapper of voku/anti-xss for Laravel

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

TYPO3 GitHub Department 18 Jul 18, 2022
FilterGuard is a simple PHP library for sanitizing data. It provides methods to sanitize strings, integers, floats, booleans, arrays, and objects. The library helps protect against common security vulnerabilities such as XSS and SQL injection.

FilterGuard FilterGuard is a simple PHP library for data sanitization. It provides methods to sanitize strings, integers, floats, boolean values, arra

Dobren Dragojević 6 Jun 11, 2023
Run your WP site on github pages, php innovation award winner https://www.phpclasses.org/package/12091-PHP-Make-a-WordPress-site-run-on-GitHub-pages.html
Run your WP site on github pages, php innovation award winner https://www.phpclasses.org/package/12091-PHP-Make-a-WordPress-site-run-on-GitHub-pages.html

Gitpress Run wordpress directly on github pages Gitpress won the innovation award for may 2021 Read more about this https://naveen17797.github.io/gitp

naveen 13 Nov 18, 2022
Owner
Vissarion Moutafis
In a world without fences and walls, who need Gates and Windows.
Vissarion Moutafis
GitHub
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

㊙️ AntiXSS "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inje

Lars Moelleken 570 Dec 16, 2022
API in PHP for DDoS Attacks (sends a command to a SSH Server from a URL)

SSH-PHP-API API in PHP for DDoS Attacks (sends a command to a SSH Server from a URL) [Install on Ubuntu 20.04: apt install apache2 php php-fpm php-ssh

Вентокс 3 Sep 23, 2022
Test a method against a list of XSS known.

php-xss-tests Test a method against a list of XSS known. How to run Just execute "run.sh", it will start a docker container to do all stuff. How I kno

null 1 Oct 25, 2021
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

TYPO3 GitHub Department 18 Jul 18, 2022
Informative site with EoL dates of everything

endoflife.date Keep track of various End of Life dates as they are approaching. Visit https://endoflife.date for a list of supported products. This in

endoflife.date 1.2k Jan 4, 2023
Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.

Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR

Symfony 1.5k Jan 3, 2023
YCOM Impersonate. Login as selected YCOM user 🧙‍♂️in frontend.

YCOM Impersonate Login as selected YCOM user in frontend. Features: Backend users with admin rights or YCOM[] rights, can be automatically logged in v

Friends Of REDAXO 17 Sep 12, 2022
Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity.

Csrf Component Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity

ATOMASTIC 3 Mar 12, 2022