THIS APPLICATION IS INTENTIONALLY INSECURE. For security training and penetration testing labs ONLY. Do NOT deploy in production or on public networks.
This lab is designed to teach web application vulnerabilities based on the OWASP Top 10. The main focus is not on finding flags, but on:
- Finding the vulnerabilities that are present
- Understanding why those vulnerabilities are dangerous
- Exploiting them to demonstrate their impact
- Knowing the correct way to mitigate them
```bash
git clone https://github.com/thebugitself/IVMarket.git
```

Start lab:

```bash
docker compose up --build
```

Stop Lab:

```bash
docker compose down -v
```

| Service | URL | Credentials |
|---|---|---|
| Frontend | http://localhost | — |
| Backend | http://localhost:3001 | — |
| MySQL | localhost:3306 | root / rootpassword |
| Redis | localhost:6379 | (no password) |

| Username | Password | Role |
|---|---|---|
| admin | admin123 | admin |
| john_doe | password123 | user |
| jane_smith | password123 | user |
| bob_wilson | password123 | user |

```
├── docker-compose.yml          # All services
├── init.sql                    # Database schema + seed data
├── cheat-sheet.txt             # Vulnerability guide & exploit reference
├── vulnerabilities.md          # Detailed OWASP vulnerability map
├── backend/
│   ├── Dockerfile
│   ├── package.json
│   ├── server.js               # All API endpoints (intentionally broken)
│   └── uploads/                # Public upload directory
└── frontend/
    ├── Dockerfile
    ├── nginx.conf
    ├── package.json
    ├── vite.config.js
    └── src/
        ├── App.jsx
        ├── App.css
        ├── context/AuthContext.jsx
        └── components/
            ├── Navbar.jsx
            ├── Login.jsx
            ├── Register.jsx
            ├── Marketplace.jsx
            ├── ProductDetail.jsx
            ├── Profile.jsx
            ├── AddProduct.jsx
            ├── Search.jsx
            ├── Checkout.jsx
            ├── Wallet.jsx
            ├── Orders.jsx
            ├── AdminDashboard.jsx
            ├── AdminUsers.jsx
            ├── AdminLogs.jsx
            ├── AdminPing.jsx
            └── AdminExport.jsx
```

See vulnerabilities.md for full details and cheat-sheet.txt for exploit guidance.
This project is provided as-is for educational purposes only. Use responsibly.