Awesome
Web Application Cheatsheet (Vulnhub)
This cheatsheet is intended for CTF participants and beginners to help them understand web application vulnerability through examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. Please share this with your connections and direct queries and feedback to Hacking Articles.
Follow us on
<img src="https://i.ibb.co/xfPQjzq/vulnhub-web-app.jpg" alt="vulnhub-web-app" border="0">Table of Contents
- Drupal
- Jenkins
- Joomla
- WebMin
- Wordpress
- Builder Engine
- CMS Made Simple
- CouchDB
- Cuppa
- Cute News 2.0.3
- Impress
- LibreNMS
- Moodle
- Php Mailer
- Playsms
- Rips
- SPHP Blog
- Squirrel Mail
- PHPText
- Wolf
- Zenphoto
- Redis
- Nano CMS
- OpenEclass E-learning
<a name="drupal"></a>
Drupal ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Droopy | Drupalgeddon |
2. | Billu Box 2 | Drupalgeddon2 |
3. | Lampiao : 1 | Drupalgeddon2 |
4. | Typhoon : 1.02 | Drupalgeddon2 |
5. | DC-1 | Drupalgeddon2 |
6. | RootThis : 1 | Manual |
7. | DC:7 | Manual |
8. | DC:8 |
<a name="jenkins"></a>
Jenkins ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Jarbas : 1 | Jenkins Script Console |
<a name="joomla"></a>
Joomla ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Hackademic-RTB2 | SQL Injection |
2. | Kevgir | Joomla! 1.5.x - 'Token' |
3. | DC-3 | Joomla! 3.7.0 - 'com_fields' SQL Injection |
4. | Born2Root: 2 | Enumeration |
<a name="webmin"></a>
WebMin ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | pWnOS -1.0 | Webmin File Disclosure |
2. | VulnOS: 1 | DistCC Daemon Command Execution |
3. | Nezuko:1 | Webmin 1.920 - Remote Code Execution |
<a name="wordpress"></a>
Wordpress ⤴
<a name="builder"></a>
Builder Engine ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Sedna | builderengine_upload_exec |
<a name="cmsms"></a>
CMS Made Simple ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | West Wild: 2 | CMSMS Showtime2 File Upload RCE |
<a name="couch"></a>
CouchDB ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Moonraker:1 | Node.js deserialization RCE |
<a name="cuppa"></a>
Cuppa ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | W1R3S.inc | '/alertConfigField.php' LFI/RFI |
2. | BRAVERY | '/alertConfigField.php' LFI/RFI |
<a name="cute"></a>
Cute News ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Simple | CuteNews 2.0.3 Remote File Upload |
<a name="impress"></a>
Impress ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Breach 1.0 | Enumeration |
<a name="moodle"></a>
Moodle ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Golden Eye:1 | Moodle - Remote Command Execution |
<a name="phpmailer"></a>
PHP Mailer ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Raven : 2 | PHPMailer < 5.2.18 - Remote Code Execution |
<a name="playsms"></a>
Playsms ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Dina | PlaySMS import.php Authenticated CSV File Upload Code Execution |
<a name="rips"></a>
Rips ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Mercy | RIPS 0.53 - Multiple Local File Inclusions |
<a name="sphp"></a>
Simple PHP Blog ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | pWnOS -2.0 | Simple PHP Blog Remote Command Execution |
<a name="squirrel"></a>
Squirrel Mail ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | DE-ICE:S1.140 | Enumeration |
<a name="phptext"></a>
PHPTax ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Kioprtix: 5 | PhpTax Remote Code Injection |
<a name="wolf"></a>
Wolf ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | SickOS 1.1 | Default Credential |
<a name="zen"></a>
Zenphoto ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Orcus | Enumeration |
<a name="redis"></a>
Redis ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | Gemini inc:2 | Remote Code Execution(RCE) |
<a name="nano"></a>
Nano CMS ⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | LAMPSecurity: CTF 5 | NanoCMS '/data/pagesdata.txt' Password Hash Information Disclosure |
<a name="open"></a>
GUnet OpenEclass E-learning platform⤴
No. | Machine Name | Exploit/Vulnerability |
---|---|---|
1. | VulnUni 1.0.1 | GUnet OpenEclass E-learning platform 1.7.3 |