Add vulnerable Docker image

2024-09-23 13:48:10 +02:00 · 2024-09-23 13:48:10 +02:00 · 8fc0ee36cd
commit 8fc0ee36cd
parent 7cd6146ec9
6 changed files with 34 additions and 0 deletions
--- a/vuln_rfi/Dockerfile
+++ b/vuln_rfi/Dockerfile
@ -0,0 +1,5 @@
 FROM php:alpine3.19
 COPY src /src
 WORKDIR /src
 EXPOSE 80
 CMD ["php", "-S", "0.0.0.0:80"]
--- a/vuln_rfi/build.sh
+++ b/vuln_rfi/build.sh
@ -0,0 +1,2 @@
 #!/bin/sh
 sudo docker build -t pierre42100/gns3-appliance-vuln-rfi .
--- a/vuln_rfi/src/about.txt
+++ b/vuln_rfi/src/about.txt
@ -0,0 +1 @@
 I am an old and accustomed developer who wrote too much source code in my life...
--- a/vuln_rfi/src/home.txt
+++ b/vuln_rfi/src/home.txt
@ -0,0 +1,3 @@
 Welcome to this strong and almost secure website!
 Please use the menu below to access the different parts of the application...
--- a/vuln_rfi/src/index.php
+++ b/vuln_rfi/src/index.php
@ -0,0 +1,22 @@
 <?php
 /**
 * My home page
 */
 $page = __DIR__."home.txt";
 if(isset($_GET["page"]))
    $page = $_GET["page"];
 ?>
 <pre>
 <?php echo file_get_contents($page); ?>
 </pre>
 Browse my website:
 <ul>
    <li><a href="index.php?page=home.txt">home</a></li>
    <li><a href="index.php?page=about.txt">about</a></li>
    <li><a href="index.php?page=privacy.txt">privacy</a></li>
 </ul>
--- a/vuln_rfi/src/privacy.txt
+++ b/vuln_rfi/src/privacy.txt
@ -0,0 +1 @@
 Privacy policy: TODO
		`@ -0,0 +1,2 @@`
							`#!/bin/sh`
							`sudo docker build -t pierre42100/gns3-appliance-vuln-rfi .`
		`@ -0,0 +1 @@`
							`I am an old and accustomed developer who wrote too much source code in my life...`
		`@ -0,0 +1,3 @@`
							`Welcome to this strong and almost secure website!`

							`Please use the menu below to access the different parts of the application...`