BuggyMart is a simple e-commerce website built with PHP and MySQL. It is designed to be an easy-to-understand platform for learning about common web application vulnerabilities.
This project now contains six distinct vulnerabilities for educational purposes:
- User System (login.php): Vulnerable to SQL Injection.
- Contact Page (contact.php): Vulnerable to Stored Cross-Site Scripting (XSS).
- User Profile (profile.php): Vulnerable to Insecure Direct Object Reference (IDOR).
- Admin Panel (admin.php): Vulnerable to Authentication Bypass.
- File Uploads (upload.php):
  - Vulnerable to Unrestricted File Upload.
  - Vulnerable to Path Traversal on the delete function.
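As an added example that is not BuggyMart's own code, this is how the upload and delete handlers in upload.php could be hardened against the last two items (unrestricted upload and path traversal); the function names and the uploads/ location are assumptions.

```php
<?php
// Added example (not BuggyMart's code): hardened upload and delete handlers
// for upload.php. Function names and the uploads/ location are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';
// Permitted extensions and the MIME type the file content must actually have.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

// Store an uploaded image under a server-chosen name; the client never picks
// the extension or path, so an uploaded script is never served from the web root.
function safe_store_upload(array $file): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null; // reject .php, .phtml, .htaccess and anything else
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return null; // extension and real content type must agree
    }
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0755, true)) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name) ? $name : null;
}

// Delete only a file that really resides in uploads/: drop any directory part,
// then compare resolved paths so ../ sequences and symlinks cannot escape.
function safe_delete_upload(string $requested): bool
{
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    $base = realpath(UPLOAD_DIR);
    $target = realpath(UPLOAD_DIR . '/' . $name);
    if ($base === false || $target === false) {
        return false; // nothing to delete
    }
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false; // resolved outside uploads/
    }
    return unlink($target);
}
```

Both functions are meant to be called from upload.php only after the session check has confirmed who is logged in, since the page's IDOR and authentication-bypass issues live in that layer rather than in file handling.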
Tech Stack
- Frontend: HTML, Bootstrap 5, custom CSS, JavaScript
- Backend: PHP (procedural, no frameworks)
- Database: MySQL
Step 1: Install XAMPP
- Download and install XAMPP from the official website.
- Run the XAMPP Control Panel.
Step 2: Place Project Files
- Create a folder named buggymart inside the htdocs directory of your XAMPP installation (e.g., C:/xampp/htdocs/buggymart).
- Place all the project files (index.php, login.php, etc.) inside this buggymart folder.
- Inside buggymart, create the following sub-folders:
  - css (and place style.css inside it)
  - js (and place main.js inside it)
  - images (for product images)
  - uploads (this will be created automatically if it doesn't exist)
Step 3: Start Apache and MySQL
- In the XAMPP Control Panel, click the Start button for both the Apache and MySQL modules.
Step 4: Create the Database
- Open your web browser and navigate to http://localhost/phpmyadmin/.
- Create a new database named buggymart_db.
- Select the new database and go to the SQL tab.
- Copy the contents of database.sql and execute it to create the tables and sample data.
Step 5: Access the Website
- You are all set! Open your browser and go to:
You should now see the enhanced BuggyMart homepage.
Sample Credentials
- User: user / password123
- Admin: admin / adminpass