VulnApp - Intentionally Vulnerable

This app has every bug type for scanner testing.

• Search (XSS)
• User lookup (SQLi)
• Orders (SQLi)
• File reader (LFI)
• Download (LFI)
• URL fetcher (SSRF)
• Proxy (SSRF)
• Redirect
• Login redirect
• Header set (CRLF)
• Set Cookie (CRLF)
• Log message (CRLF)
• Language (CRLF)
• API Track (CRLF)
• Template (SSTI)
• Greet (SSTI)
• API Users
• API User 1
• API Orders
• API Secrets
• API Config
• API Admin Settings
• API Records
• OpenAPI Spec
• Admin Panel
• .env file
• .git config
• Debug
• PHPInfo
• Actuator
• Actuator Env
• Actuator Health
• WordPress Login
• WP API
• WP Users
• WP Readme
• Grafana
• Jenkins
• Tomcat Manager
• phpMyAdmin
• n8n
• Solr Metrics
• ShenYu Plugin
• Zabbix
• Monitor
• App JS
• Config JS
• WAF XSS
• WAF LFI
• WAF SSRF
• WAF SSTI
• WAF SQLi
• WAF RFI