🎯 DAST Testing Target Application

This application contains intentional vulnerabilities for security testing.

💉 SQL Injection

Login Page - Authentication bypass
Product Search - Data extraction
Registration - INSERT injection
REST API - API injection
User API - Numeric parameter

Test Payloads:

' OR '1'='1' --
' UNION SELECT 1,2,3,4,5 --
admin'--

🔴 Cross-Site Scripting (XSS)

Guestbook - Stored XSS
Reflect Page - Reflected XSS
DOM XSS - Client-side XSS

Test Payloads:

<script>alert('XSS')</script>
<img src=x onerror=alert(1)>
<svg onload=alert(1)>

🔧 Other Vulnerabilities

Command Injection
File Inclusion / Path Traversal
Open Redirect
Insecure Cookies
Missing Security Headers (all pages)
Information Disclosure (error messages)
Plaintext Passwords in Database

📡 Scanning Information

Port 80:	http://localhost:80
Port 8080:	http://localhost:8080
phpMyAdmin:	http://localhost:8081
Test Credentials:	admin / admin123
Alt Credentials:	testuser / test