Mutillidae: Born to be Hacked
Version: 2.1.19 Not Logged In
Home Login/Register Toggle Hints Toggle Security Reset DB View Log View Captured Data

OWASP
Site hacked...err...quality-tested with Samurai WTF, Backtrack, Firefox, Burp-Suite, Netcat, and these Mozilla Add-ons
 
 
Twitter
@webpwnized
 
YouTube
Mutillidae
Channel
 
Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin
User Poll
User Poll
Choose Your Favorite Security Tool
Initial your choice to make your vote count
  nmap
  wireshark
  tcpdump
  netcat
  metasploit
  kismet
  Cain
  Ettercap
  Paros
  Burp Suite
  Sysinternals
  inSIDDer
Your Initials:
No choice selected
Hints
  • HTTP Parameter Pollution involves sending in duplicate parameters in order to take advantage of how the application server reacts to parsing multiple parameters with the same name.
  • Each brand of web application server acts a little different when two or more parameters with the same name are submitted.
  • This page implements "GET for POST" to make this exercise easier
Browser: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
PHP Version: 5.2.4-2ubuntu5.10
The newest version of Mutillidae can downloaded from Irongeek's Site