Mutillidae: Born to be Hacked
Version: 2.1.19 Not Logged In
Home Login/Register Toggle Security Reset DB View Log View Captured Data

OWASP
Site hacked...err...quality-tested with Samurai WTF, Backtrack, Firefox, Burp-Suite, Netcat, and these Mozilla Add-ons
 
 
Twitter
@webpwnized
 
YouTube
Mutillidae
Channel
 
Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin
Set Background Color
Please enter the background color you would like to see

Enter the color in RRGGBB format
(Example: Red = FF0000)
Background Color
The current background color is eecccc
Hints
  • Cascading Style Injection: This injection uses a different syntax but the methodology to exploit is the same.
  • Inject arbitrary input then check the resulting response for your input
  • To inject HTML or JavaScript into the style, look to close off the style, then start the injection, then comment out the remaining part of the style or complete the remaining part with valid syntax.
  • Example Target:<body style="color:#{dynamic input}">
  • Possible Solution: style="<body color:#""><H1>HELLO WORLD</H1><br anything="">
Browser: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
PHP Version: 5.2.4-2ubuntu5.10
The newest version of Mutillidae can downloaded from Irongeek's Site