KnowledgeHUB : A vulnerable education portal

This project's sole purpose is for website security testing keeping in mind the OWASP Top 10.
The major web vulnerabilities in this project are :

SQL Injection
Stored XSS
Shell Uploading
Clickjacking
Business Logic
Cross Site Request Forgery (CSRF)

Languages

Objective

The project signifies the importance of website security in today's world as it emphasizes on the major attacks that usually occur accross the world. It contains intentional web vulnerabilities and the methods of securing it are present in the code itself.

Requirements

1) Code Editor

Today we are surrounded by several code editors. If you use Mac, I strongly recommend Sublime Text.
For Windows and Linux users, Visual Studio Code is one of the best.

2) Browser

People often use Chrome; however, for web development and security testing; I recommend Firefox.

3) Server Hosting

If you are excellent with NodeJS, then you can easily make server at localhost. But, a much faster and easier way to do this is by using XAMPP. This project was created using XAMPP.

4) Vulnerability Tester

Since this project revolves around web testing, use of a vulnerability software is helpful. I recommend Burp Suite for this task.

Extra Requirements

Firefox Browser

Type 'about:config' in your search bar. After the advance settings tab open, goto 'network.proxy.allow_hijacking_localhost'. If it is set to FALSE, double click on it to make it TRUE.

Database Creation

If you are using XAMPP, then you should first open the control tab and start Apache and MySQL. After this, Go to your browser and type in 'localhost'. You will be greeted by XAMPP Welcome Page. On top right corner, you will see 'phpmyadmin'. Go there and create a new database called 'studyportal'. After creating it, look carefully for 'Import' option on the dashboard of the database. Click on it and choose the file to be uploaded. In the ZIP folder of my project, I have included a SQL file named 'studyportal.sql' . Upload this file and your database is ready. Do the similar steps for another database named 'hacking' and upload 'hacking.sql' .

Burp Suite Setup

For setting up Burp Suite, Click Here. Also, to download Burp Suite Certificate, Click Here. If you are unable to access webpage, then wait for some time and access it later.

Screenshots

License

Apache Version 2.0

Name		Name	Last commit message	Last commit date
Latest commit History 77 Commits
3b-products.php		3b-products.php
4b-ajax-cart.php		4b-ajax-cart.php
4d-thank-you.php		4d-thank-you.php
LICENSE		LICENSE
README.md		README.md
_config.yml		_config.yml
add_comment_c1.php		add_comment_c1.php
add_comment_c2.php		add_comment_c2.php
add_comment_c3.php		add_comment_c3.php
add_comment_c4.php		add_comment_c4.php
add_comment_c5.php		add_comment_c5.php
add_comment_f1.php		add_comment_f1.php
add_comment_f2.php		add_comment_f2.php
add_comment_f3.php		add_comment_f3.php
book_welcome.png		book_welcome.png
books.html		books.html
books.php		books.php
bootstrap.js		bootstrap.js
bootstrap.min.css		bootstrap.min.css
cancel.php		cancel.php
captcha.php		captcha.php
clickjacking.php		clickjacking.php
comment_c1.php		comment_c1.php
comment_c2.php		comment_c2.php
comment_c3.php		comment_c3.php
comment_c4.php		comment_c4.php
comment_c5.php		comment_c5.php
comment_f1.php		comment_f1.php
comment_f2.php		comment_f2.php
comment_f3.php		comment_f3.php
config.php		config.php
contact.html		contact.html
contact.php		contact.php
contact_welcome_1.png		contact_welcome_1.png
course.js		course.js
course1.html		course1.html
course1.php		course1.php
course2.html		course2.html
course2.php		course2.php
course3.html		course3.html
course3.php		course3.php
course4.html		course4.html
course4.php		course4.php
course5.html		course5.html
course5.php		course5.php
courses.css		courses.css
courses.html		courses.html
courses.php		courses.php
courses_welcome.png		courses_welcome.png
dashboard.js		dashboard.js
dashboard.php		dashboard.php
default.css		default.css
display.php		display.php
dummy.html		dummy.html
faculty.html		faculty.html
faculty.js		faculty.js
faculty.php		faculty.php
faculty1.html		faculty1.html
faculty1.php		faculty1.php
faculty2.html		faculty2.html
faculty2.php		faculty2.php
faculty3.html		faculty3.html
faculty3.php		faculty3.php
faculty_welcome.png		faculty_welcome.png
fetch_comment_c1.php		fetch_comment_c1.php
fetch_comment_c2.php		fetch_comment_c2.php
fetch_comment_c3.php		fetch_comment_c3.php
fetch_comment_c4.php		fetch_comment_c4.php
fetch_comment_c5.php		fetch_comment_c5.php
fetch_comment_f1.php		fetch_comment_f1.php
fetch_comment_f2.php		fetch_comment_f2.php
fetch_comment_f3.php		fetch_comment_f3.php
hacking.sql		hacking.sql
icon.png		icon.png
index.php		index.php
jquery.min.js		jquery.min.js
lock.php		lock.php
login.html		login.html
login.php		login.php
login_content_1.png		login_content_1.png
logout.php		logout.php
pass_chg.php		pass_chg.php
payment.php		payment.php
personal.php		personal.php
register_welcome.png		register_welcome.png
studyportal.sql		studyportal.sql
style.css		style.css
thank.php		thank.php
unauth.html		unauth.html
unauth.js		unauth.js
upload.php		upload.php
website.html		website.html
website.php		website.php
website_logo.png		website_logo.png
website_welcome.png		website_welcome.png

License

praneshn99/web_security_testing

Folders and files

Latest commit

History