OWASP Mutillidae II: Web Pwn in Mass Production

Version: 2.6.48 Security Level: 0 (Hosed) Hints: Enabled (1 - 5cr1pt K1dd1e) Not Logged In

OWASP 2017

OWASP 2013

OWASP 2010

OWASP 2007

Want to Help?

Video Tutorials

Announcements

Getting Started

Error Message

Failure is always an option

Line 102

Code 0

File /var/www/html/mutillidae/capture-data.php

Message DateTime::__construct(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.

Trace #0 /var/www/html/mutillidae/capture-data.php(102): DateTime->__construct() #1 /var/www/html/mutillidae/index.php(615): require_once('/var/www/html/m...') #2 {main}

Diagnotic Information Error trying to save captured data from capture.php into file

Click here to reset the DB

Capture Data

Back Help Me!

Hints and Videos

SSL Misconfiguration
HTML Injection (HTMLi)
Application Log Injection
SQL Injection (SQLi)
SQL Injection with SQLMap
Cross-site Scripting (XSS)
Cross-site Scripting with BeEF Framework

View Captured Data

Data Capture Page

This page is designed to capture any parameters sent and store them in a file and a database table. It loops through the POST and GET parameters and records them to a file named captured-data.txt. On this system, the file should be found at /tmp/captured-data.txt. The page also tries to store the captured data in a database table named captured_data and logs the captured data. There is another page named captured-data.php that attempts to list the contents of this table.

The data captured on this request is: page = capture-data.php

Would it be possible to hack the hacker? Assume the hacker will view the captured requests with a web browser.