Deliberately vulnerable PHP code examples for testing static analysis tools and security training, covering common vulnerabilities such as SQL Injection, XSS, CSRF, and more.
☆12Apr 27, 2026Updated this week
Alternatives and similar repositories for vulnerable-php-code-examples
Users that are interested in vulnerable-php-code-examples are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Python SDK for GMO Aozora Net Bank, Ltd.☆11Oct 4, 2022Updated 3 years ago
- ☆16Apr 6, 2021Updated 5 years ago
- SSRF 绕过 Payload☆15Nov 12, 2020Updated 5 years ago
- A framework and build automation tool to process exploits/payloads to evade antivirus and endpoint detection response products using reus…☆11Jan 16, 2024Updated 2 years ago
- -☆11Nov 21, 2020Updated 5 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- ☆11Aug 18, 2021Updated 4 years ago
- Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution☆13Dec 2, 2024Updated last year
- BruteProxy.py framework for brute-forcing via HTTP/HTTPS requests with looping proxies.☆12Jan 12, 2026Updated 3 months ago
- Apache OfBiz Auth Bypass Scanner for CVE-2023-51467☆11Dec 31, 2023Updated 2 years ago
- OSCP Exam Report Template in Markdown☆11Jan 14, 2021Updated 5 years ago
- Simple example of how to use Chrome as headless browser on AWS lambda☆16Mar 6, 2020Updated 6 years ago
- ☆15Apr 6, 2025Updated last year
- Archive of pentestmonkey.net cheat sheets in case the site goes away permanently☆13Oct 28, 2019Updated 6 years ago
- A PoC exploit for CVE-2023-51467 - Apache OFBiz Authentication Bypass☆12Dec 31, 2023Updated 2 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Attacking indiscriminately every header, cookie, GET and POST parameter with blind fury.☆13Sep 25, 2025Updated 7 months ago
- Scrippy is a browser extension that holds sql statements (think clip board) to aid devlopers in the testing of websites for basic code in…☆12Aug 21, 2022Updated 3 years ago
- Free simple responsive website template☆13Feb 25, 2019Updated 7 years ago
- XDNR is a X0R Cryptor along with DEC/N0T/R0R encoder plus random byte insertion encoder, that generates null free encrypted and encoded s…☆17Jul 12, 2022Updated 3 years ago
- ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be …☆13May 10, 2022Updated 3 years ago
- ☆18Jul 11, 2025Updated 9 months ago
- A PoC exploit for CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE)☆10Jul 12, 2024Updated last year
- A PoC exploit for CVE-2023-23752 - Joomla Improper Access Check in Versions 4.0.0 through 4.2.7☆16Feb 1, 2026Updated 3 months ago
- DNS utils module for bepass sdk, supporting doh, dot, dnscrypt and static hosts file like configuration☆16Jan 13, 2024Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.☆17May 19, 2024Updated last year
- ☆20Mar 7, 2024Updated 2 years ago
- A Simple JS code to keylogger data and send it to the personal server☆31Dec 30, 2024Updated last year
- Burp Suite extension for extracting metadata from files☆20Dec 29, 2020Updated 5 years ago
- Harmlessly goof up your co-workers browser and chrome dev tools☆79Mar 29, 2013Updated 13 years ago
- CSRF Proof of Concept script generator webapp 💻🔒☆20Feb 15, 2023Updated 3 years ago
- Unauthenticated Command Injection In Progress Kemp LoadMaster☆19Aug 26, 2025Updated 8 months ago
- Slide deck for DEF CON 30 - Read Team Village - Offensive Wireless Security presentation☆13Aug 16, 2022Updated 3 years ago
- ☆27Sep 4, 2017Updated 8 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- MajorDoMo Unauthenticated RCE: Deep Dive & Exploitation Techniques☆15Dec 18, 2023Updated 2 years ago
- This repository contains complete source code for setting up the environment and exploit code for the vulnerability.☆19Mar 23, 2023Updated 3 years ago
- A PoC for CVE-2022-2588 that triggers a WARNING☆10Sep 28, 2022Updated 3 years ago
- nmap -> searchploit -> GoBuster/Eyewitness & LDAPsearch & SMBclient & Showmount☆21Apr 26, 2020Updated 6 years ago
- Ghidra's development plugins, scripts, contributing. Presentation☆13Aug 10, 2020Updated 5 years ago
- Basic Keylogger Using C++ 🔑 Coded in C++, this keylogger captures all alpha-numeric keys, space bar, enter key, delete key, etc. It requ…☆18Jun 8, 2021Updated 4 years ago
- ☆11Oct 17, 2024Updated last year