Mutillidae: Born to be Hacked
Version: 2.1.19
Site hacked...err...quality-tested with Samurai WTF, Backtrack, Firefox, Burp-Suite, Netcat, and these Mozilla Add-ons
Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin
Credits
Created by Irongeek.com. Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin
 
 
Adrian Crenshaw would like to thank the following people for helping him with the Mutillidae project:
 
OWASP for making the vulnerability list I based this on.
Brian Blankenship for his support of the idea.
Mubix for confirming the name
All sorts of folks at PHP.net for code snippets: kaigillmann
Hints
  • For Unvalidated Redirects and Forwards: Unvalidated redirects make a phisher's job easier, since the URL can be made to look like part of a trusted site. Notice how this page used “redirectandlog.php?forwardurl=” to send a user to another site and log where it went. A phisher could use this forward mechanism to make a phishing URL look more legitimate.
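
A hardened counterpart to the forwarding mechanism described in the hint, as an added example that is not Mutillidae's own code: the `forwardurl` value is followed only when it is an absolute http(s) URL whose host is on a fixed allowlist. The allowlist hosts, the function name `safe_forward_target()` and the sample URLs are assumptions constructed for illustration.

```php
<?php
// Added example, not Mutillidae's code. ALLOWED_HOSTS, safe_forward_target()
// and the sample URLs are constructed for illustration.
const ALLOWED_HOSTS = ['www.example.org', 'docs.example.org'];

// Returns $raw only if it is an absolute http(s) URL whose host is on the
// allowlist; returns null for everything else.
function safe_forward_target($raw): ?string
{
    // Arrays (forwardurl[]=x), empty values, whitespace, control characters
    // and backslashes are rejected before parsing, because browsers may
    // normalise them differently from parse_url().
    if (!is_string($raw) || $raw === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative, scheme-relative (//host) or malformed
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // javascript:, data: and similar schemes
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // userinfo can disguise the real host
    }
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true) ? $raw : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs showing which forwardurl values pass the check.
    $samples = [
        'https://www.example.org/top10',
        'http://attacker.example/login',
        '//attacker.example/login',
        'https://www.example.org@attacker.example/',
        'javascript:alert(1)',
    ];
    foreach ($samples as $s) {
        printf("%-45s %s\n", $s, safe_forward_target($s) === null ? 'rejected' : 'allowed');
    }
} else {
    $target = safe_forward_target($_GET['forwardurl'] ?? '');
    if ($target === null) {
        http_response_code(400);
        exit('Unknown redirect target');
    }
    header('Location: ' . $target, true, 302);
    exit;
}
```

Run from the command line, only the first sample is reported as allowed; served over HTTP, any other `forwardurl` value gets a 400 response instead of a redirect.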