Acunetix Art

TEST and Demonstration site for Acunetix Web Vulnerability Scanner
WARNING: This is not a real shop. This is an example PHP application which is intentionally vulnerable to web attacks. It is intended to help you test security scanners and practice manual hacking skills.
Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.

Null Byte Injection

Null Byte Test

Old PHP versions (< 5.3.4) truncate strings at null byte (%00).

The extension check sees .jpg but the OS opens file.php

File:

Test payloads: