Acunetix Art

TEST and Demonstration site for Acunetix Web Vulnerability Scanner
WARNING: This is not a real shop. This is an example PHP application which is intentionally vulnerable to web attacks. It is intended to help you test security scanners and practice manual hacking skills.
Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.

HTTP Verb Tampering Demo

Request Method: GET

Verb Tampering Tests

This page only blocks GET for admin actions. Try these:

1. POST bypass (delete user)

Username:

2. POST bypass (change password)

Username: New Password:

3. Test with curl (PUT/DELETE)

# PUT request
curl -X PUT -d "action=delete_user&username=test" http://localhost/verb.php

# DELETE request
curl -X DELETE http://localhost/verb.php