Skip to content
/ dvwp Public
forked from vavkamil/dvwp

Damn Vulnerable WordPress

Notifications You must be signed in to change notification settings

hexrom/dvwp

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Damn Vulnerable WordPress

Playground for WordPress hacking and wpscan testing.

DO NOT EXPOSE THIS TO INTERNET!

Installation

$ git clone https://github.com/vavkamil/dvwp.git
$ cd dvwp/
$ docker-compose up -d --build
$ docker-compose run --rm wp-cli install-wp

Usage

$ docker-compose up -d
$ docker-compose down

Shell

docker exec -ti dvwp_wordpress_1 /bin/bash

Interface

Credentials

  • Wordpress: admin/admin
  • MySQL: root/password

Vulnerabilities

Feel free to contribute with pull requests ;)

Plugins

Otherz

  • Directory listing
  • display_errors
  • info.php
  • dump.sql
  • adminer.php
  • search-replace-db
  • cross-domain

TODO

  1. Add versions and description to each vulnerability in README.md
  2. Upload docker image to Docker Hub registry
  3. Get rid of the Dockerfile
  4. Run wp-cli automatically during build
  5. Use "svn co" or "wp-cli" to download vulnerable plugins directly
  6. Add more vulnerable plugins/themes
  7. Update WP and php to latest
  8. Add vulnerable phpmyadmin?
  9. Add script to pull access.log and error.log from container

About

Damn Vulnerable WordPress

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 93.7%
  • JavaScript 5.1%
  • CSS 1.2%
  • Makefile 0.0%
  • HTML 0.0%
  • SCSS 0.0%