This is a deliberately vulnerable web application designed to test the BOAND exploitation framework. All vulnerabilities are intentionally implemented for security research and testing purposes.
⚠️ WARNING: This application is EXTREMELY vulnerable. Deploy it only in isolated test environments!
Test blind, time-based, and union-based SQL injection vulnerabilities with data extraction capabilities.
Reflected, stored, and DOM-based XSS testing with cookie theft and session hijacking.
Cross-site request forgery with missing token validation and weak protection mechanisms.
Server-side request forgery for internal network pivoting and cloud metadata access.
XML external entity injection for file disclosure and SSRF chaining.
OS command injection with reverse shell deployment capabilities.
Path traversal vulnerabilities with encoding bypass techniques.
Unrestricted file upload with web shell deployment testing.
Insecure direct object references for privilege escalation testing.
JWT vulnerabilities including algorithm confusion and signature bypass.
Server-side template injection for code execution testing.
NoSQL and LDAP injection for database enumeration and data extraction.