chuckfw / owaspbwa

OWASP Broken Web Applications Project

Add WackoPicko Application? #34

Closed by GoogleCodeExporter 8 years ago

GoogleCodeExporter commented 8 years ago
WackoPicko is a realistic application created with intentional vulnerabilities 
for research on web application scanners.  Would be nice to include this in the 
VM.

More info at:

https://github.com/adamdoupe/WackoPicko

Original issue reported on code.google.com by chuck.f....@gmail.com on 26 Apr 2011 at 2:47

GoogleCodeExporter commented 8 years ago

Original comment by chuck.f....@gmail.com on 26 Apr 2011 at 2:47

GoogleCodeExporter commented 8 years ago
All of the references are not relative
Example:
<input src="/images/search_button_white.gif" type="image" style="border: 0pt none ; position: relative; top: 0px;vertical-align:middle;margin-left: 1em;">
vs
<input src="images/search_button_white.gif" type="image" style="border: 0pt none ; position: relative; top: 0px;vertical-align:middle;margin-left: 1em;">
and therefore will not work in the wackopicko folder.  I have contacted the 
project maintainer to try and resolve the issue.  This will have to go on hold 
till we can get a hold of them as it will be additional work to fix.

Original comment by MichaelTCyr@gmail.com on 26 Apr 2011 at 1:55

GoogleCodeExporter commented 8 years ago
Hi, I am the developer of WackoPicko.

It's taken me a lot longer than expected to make WackoPicko be able to live in 
a directory. 

I'm still working on it, but I will have it working in a week, by May 9th. I'll 
update this bug when it's ready.

Original comment by AdamDo...@gmail.com on 3 May 2011 at 1:27

GoogleCodeExporter commented 8 years ago
Ok, thanks for the update.  We are doing some misc bug fixes right now, but 
should have a new release out in a week or so.  If you don't have it done by 
then, however, don't worry about it since we are adding the ability (as a beta, 
cross your fingers kind of thing) for users to update the VM from SVN to get 
new apps (and fix minor bugs).

Original comment by chuck.f....@gmail.com on 3 May 2011 at 1:58

GoogleCodeExporter commented 8 years ago

Original comment by MichaelTCyr@gmail.com on 3 May 2011 at 12:19

GoogleCodeExporter commented 8 years ago
OK, I was finally able to get this fixed.

I've created a new branch on GitHub for WackoPicko.
https://github.com/adamdoupe/WackoPicko/tree/relative_urls

To change the directory, you simply change the DIRECTORY variable in 
website/include/settings.php, but be sure to keep the trailing slash.

Let me know if there are any questions/comments.

Original comment by AdamDo...@gmail.com on 17 May 2011 at 6:07
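
Editorial example, added here and not taken from WackoPicko or OWASPBWA: a Python sketch of why the root-relative reference reported above escapes the wackopicko folder, and how a configured prefix with a trailing slash keeps it inside. The host `bwa.example`, the nested page `users/login.php`, the sample markup and every function name are constructed for illustration, and the prefix is assumed to be joined by plain concatenation.

```python
import re
from urllib.parse import urljoin

# URL-bearing attributes: src (as in the quoted <input>) plus href and action.
URL_ATTR = re.compile(
    r'''(?P<attr>\b(?:src|href|action))=(?P<q>["'])(?P<url>.*?)(?P=q)''', re.I)

# Constructed sample markup (not WackoPicko's real pages).
SAMPLE = ('<input src="/images/search_button_white.gif" type="image">\n'
          '<script src="//cdn.example/lib.js"></script>\n'
          '<a href="cart/view.php">cart</a>')

def is_root_relative(url):
    # "/images/x.gif" is root-relative; "//host/x" is protocol-relative.
    return url.startswith("/") and not url.startswith("//")

def resolve(page_url, ref):
    """Resolve a reference the way a browser would for the given page."""
    return urljoin(page_url, ref)

def find_root_relative(markup):
    """List references that break once the app is served from a subfolder."""
    return [m.group("url") for m in URL_ATTR.finditer(markup)
            if is_root_relative(m.group("url"))]

def rebase(markup, directory):
    """Prefix root-relative references with the deployment directory."""
    # Without the trailing slash, concatenation would glue the folder name
    # onto the first path segment ("/wackopickoimages/...").
    if not (directory.startswith("/") and directory.endswith("/")):
        raise ValueError("directory must start and end with '/'")

    def fix(m):
        url = m.group("url")
        if not is_root_relative(url) or url.startswith(directory):
            return m.group(0)  # already fine, or already rebased
        q = m.group("q")
        return f'{m.group("attr")}={q}{directory}{url[1:]}{q}'

    return URL_ATTR.sub(fix, markup)

if __name__ == "__main__":
    page = "http://bwa.example/wackopicko/index.php"
    print(resolve(page, "/images/search_button_white.gif"))  # leaves the folder
    print(resolve(page, "images/search_button_white.gif"))   # stays inside it
    print(find_root_relative(SAMPLE))
    print(rebase(SAMPLE, "/wackopicko/"))
```

A purely relative reference resolves correctly only from pages at the top of the folder; from a nested page it points into that page's own subdirectory, which is a case the prefix approach also covers.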

GoogleCodeExporter commented 8 years ago
I've integrated the code in OWASPBWA 0.94a3, but unfortunately, any actions 
that require database access result in a web page with the error:

Access denied for user 'www-data'@'localhost' (using password: NO)

This appears to indicate that it is not using the credentials in ourdb.php to 
access the database, but from tracing the source code, I don't see how this is 
happening.

Original comment by chuck.f....@gmail.com on 9 Jul 2011 at 2:12

GoogleCodeExporter commented 8 years ago
Fixed this issue by fixing database username and password per author's 
suggestion.  Working in 0.94rc1.

Original comment by chuck.f....@gmail.com on 12 Jul 2011 at 3:19