Shulou(Shulou.com)05/31 Report--

This article is about how to install and try webug. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Installation and trial of webug4.0

01: introduction

The WeBug name is defined as "our loophole" range environment

The basic environment is based on PHP/mysql, and the intermediate environment and high-level environment are operating environments for vulnerabilities collected by Internet vulnerability events, respectively.

Some of the vulnerabilities are based on the vulnerabilities of the Windows operating system, so the web environment of WeBug is installed in a pure version of Windows 2003 virtual machine.

More than 400 days after the release of webug3.0, the security team finally released version 4.0 of webug on the second day of the Lunar New year.

Vulnerability environment contained in 02:webug vulnerability range

Get injection

Picture cracking

Information Collection activity-Directory Port Collection

Brute force cracking exercise

X-forwarded-for injection

Payment loophole

Vertical ultra vires

CSRF

Url Jump

Download any file from GET

Download any file from POST

Upload without verification

Reflective XSS

Storage XSS

Check extension upload

Verify the url jump of the source destination

The file contains

The POST file contains

HOST injection

APK cracking

Delayed injection

DZ7.2 Forum sql injection

Aspcms injection

Phpmyadmin arbitrary file contains vulnerabilities

SQL injection into Zibo system

Pirate cloud merchant getshell

PHP168 arbitrary code execution GET SHELL

Ecshop injection

SQL injection vulnerability in ShopXp system

Dcore (lightweight CMS system) injection vulnerability

Any file of MetInfo containing vulnerabilities can be getshell

Metinfo news.php blind injection

Metinfo img.php blind injection

Wanzhong electronic periodical online reading system PHP and ASP latest version kill SQL injection

BEESCMS sql injection, ignoring defense

Ourphp injection

Phpwind command execution vulnerability

Metinfo password modification for any user

DZ 3.2Storage XSS

DedeCMS flink.php link injection

DedeCms?recommend.php injection

BEESCMS less than or equal to V4 is injected everywhere + goes directly to the background without a password.

Marine x-forwarded-for injection

Php truncation utilization

St2-016

Jboss command execution

Tomcat weak password

Hfs remote command execution

St2-052 command execution

Flash remote command execution

Gh0st remote overflow

IIS6.0 remote overflow

Virtual machine pure version system without any patches (that is, all windows 2003 vulnerabilities including ms08-067, ms17-010, ms15-015, etc.)

Installation of 03:webug4.0

Step 1: download webug4.0 www.webug.org on the official website

Because webug4.0 's web environment is installed in a pure version of windows 2003, so we also need

Download the virtual machine software VMware Workstation Pro https://my.vmware.com

Step 2: install the virtual machine software VMware Workstation Pro

Decompress the downloaded webug4.0

Click Windows Server 2003 Enterprise Edition

Click to turn on the virtual machine, and if you feel the card, you can configure the memory and cpu of the virtual machine.

The default password is empty, just log in directly.

Start phpstudy, and then win+r opens cmd and type ipconfig to view ip.

Local access is 192.168.19.135. The account password defaults to admin.

Thank you for reading! This is the end of this article on "how to install and try webug". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.