Mutillidae: Born to be Hacked
Version: 2.1.19 Not Logged In
Home Login/Register Toggle Hints Toggle Security Reset DB View Log View Captured Data

OWASP
Site hacked...err...quality-tested with Samurai WTF, Backtrack, Firefox, Burp-Suite, Netcat, and these Mozilla Add-ons
 
 
Twitter
@webpwnized
 
YouTube
Mutillidae
Channel
 
Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin
Usage Instructions
Mutillidae implements the OWASP Top 10 in PHP.

Go to the OWASP Top 10 page to read about a vulnerability, then choose it from the list on the left to try it out. Hints may help.

Mutillidae currently has two modes: secure and insecure (default). In insecure mode, the project works like Mutillidae 1.0. Pages are vulnerable to at least the topic they fall under in the menu. Most pages are vulnerable to much more. In secure mode, Mutillidae attempts to protect the pages with server side scripts. Also, hints are disabled in secure mode. In the interest of makign as many challenges as possible, this can be defeated.

In Mutillidae 2.0, the code has been commented to allow the user to see how the defense works. To get the most out of the project, avoid reading the source code until after learning how to exploit it. But if you get stuck, the comments should help. Learning how the attack works should help to understand the defense.
Browser: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
PHP Version: 5.2.4-2ubuntu5.10
The newest version of Mutillidae can downloaded from Irongeek's Site