We’re thrilled to introduce BugBait to the cybersecurity community — a purpose-built vulnerable web application for students, developers, and cybersecurity enthusiasts to sharpen their manual hacking skills and exploit a range of vulnerabilities.

The web application allows you to understand, identify, and exploit a range of vulnerabilities from the OWASP TOP 10 categories. The vulnerable application includes vulnerabilities, right from basic misconfigurations to complex exploits such as SSRF, LFI, GraphQL, JWT, Broken Access Control and CORS attacks. Refer below for the full list of vulnerabilities.

With BugBait, you can practice your manual hacking skills and test your abilities in areal-time, practical setting.

What Makes BugBait unique?

The application simulates a shopping system with features commonly found in most web applications. The feature list includes user registration, user login, add to cart, order processing, product management, and many more.

It’s easy to know about security vulnerabilities in principle; the real difficulty comes from actually finding and exploiting hem.

What Should You Anticipate?

Identify & Exploit Vulnerabilities: Try, hack and learn. You are challenged to understand, identify and exploit more than 20 web application vulnerabilities.

· SQL Injection

· Stored XSS - Multiple Instances

· Blind XSS - Multiple Instances

· Cross-Origin Resource Sharing (CORS) Exploits

· Cross-Site Request Forgery (CSRF)

· Blind Server-Site Request Forgery (SSRF)

· Directory Listing

· Source Code Disclosure

· Insecure Direct Object References (IDOR) – Multiple Instances

· Open Redirect

· Rate Limiting Abuses

· Privilege Escalation - Multiple Instances

· Local File Inclusion (LFI) - Multiple Instances

· Business Logic Bypass - Multiple Instances

· JWT Exploits

· Plaintext Credential Disclosure via …

‍Be Innovative: Don't be scared to try something different; often the best ideas come from thinking outside the box. Try escalating your standard user privileges to administrator!

Hack & Learn: The whole point of BugBait is to keep breaking, learning and improving your web application hacking skills. Breaking things is not an issue here; instead, it's the answer. Every flaw you find makes systems more robust and secure for everyone.

‍Are You In?

BugBait is a hack and learn vulnerable web application. It's designed for people who are prepared to advance their cybersecurity expertise.