Gruyere – Vulnerable Web Application At Google Code (Previously Jarlsberg)

Gruyere is a deliberately vulnerable web application that can be used to learn and understand web vulnerabilities. Detailed documentation is provided on the types of vulnerabilities present in the application and the ways to exploit them.

Update: Jarlsberg is now Gruyere

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

Documentation Here

Jarlsberg - Hosted Vulnerable App

Some Exploit Screenshots

Information Disclosure – Read the contents of the database off a running server by exploiting a configuration vulnerability.

Debug Dump Page URL – http://google-gruyere.appspot.com/457262944951/dump.jtl

The id changes based on your session.

Jarlsberg Dump Page

Reflected XSS

Alert dialog box indicating the presence of a cross-site scripting vulnerability in Jarlsberg


Stored XSS alert

Features

Jarlsberg includes a number of special features and technologies which add attack surface.

  • HTML in Snippets: Users can include a limited subset of HTML in their snippets.
  • File upload: Users can upload files to the server, e.g., to include pictures in their snippets.
  • Web administration: System administrators can manage the system using a web interface.
  • New accounts: Users can create their own accounts.
  • Template language: Jarlsberg Template Language (JTL) is a new language that makes writing web pages easy because the templates connect directly to the database. Documentation for JTL can be found in gruyere/jtl.py.
  • AJAX: Jarlsberg uses AJAX to implement refresh on the home and snippets pages. You should ignore the AJAX parts of Jarlsberg except for the challenges that specifically tell you to focus on AJAX.

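The "limited subset of HTML in snippets" feature is where stored XSS enters if the subset is enforced by a denylist, by regex, or not at all. The following is an added example, not Gruyere's own code, of how a defender enforces such a subset: an allowlist sanitizer built on Python's standard-library HTML parser that rebuilds the snippet from parsed tokens, keeps only a small set of tags, permits `href` only with an absolute http(s) scheme, escapes all text (including the body of a dropped `<script>`), and closes any tags the user left open. The tag and attribute allowlists and the function names are assumptions for this example; Gruyere's actual permitted subset may differ.

```python
# Added example (not part of Gruyere): an allowlist sanitizer for user snippets
# that permits a small HTML subset, using only the Python standard library.
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist for this example; Gruyere's real subset may differ.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "br", "a"}
VOID_TAGS = {"br"}
ALLOWED_ATTRS = {"a": {"href"}}
ALLOWED_SCHEMES = {"http", "https"}


def safe_url(value):
    """Accept only absolute http(s) URLs, so javascript:/data: URIs are dropped."""
    return urlparse(value.strip()).scheme.lower() in ALLOWED_SCHEMES


class SnippetSanitizer(HTMLParser):
    """Rebuilds the snippet from parsed tokens: unknown tags and attributes are
    discarded, text nodes are entity-escaped, open tags are closed in order."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # <script>, <img onerror=...>, <iframe> etc. are dropped
        parts = [f"<{tag}"]
        for name, value in attrs:
            # Only allowlisted attributes survive, and only with a safe value.
            if name in ALLOWED_ATTRS.get(tag, set()) and value and safe_url(value):
                parts.append(f' {name}="{escape(value, quote=True)}"')
        parts.append(">")
        self.out.append("".join(parts))
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # stray or disallowed closing tag
        # Close back to the matching tag so nesting stays well-formed.
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        # Text nodes, including the body of a dropped <script>, are escaped.
        self.out.append(escape(data, quote=False))


def sanitize_snippet(raw):
    """Return a version of `raw` containing only the allowlisted HTML subset."""
    parser = SnippetSanitizer()
    parser.feed(raw)
    parser.close()
    # Close anything the user left open so the snippet cannot swallow the
    # markup that the surrounding page renders after it.
    while parser.open_tags:
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample snippets, the kind a stored-XSS test would submit.
    for raw in ['<b>hi</b> <script>alert(1)</script>',
                '<a href="javascript:alert(1)">click</a>',
                'x <img src=a onerror=alert(1)> y',
                '<b><i>unclosed']:
        print(repr(raw), "->", repr(sanitize_snippet(raw)))
```

The design choice that matters is parse-then-rebuild: the output is generated entirely from tokens the sanitizer understands, so browser quirks in the raw input (unquoted attributes, case, entity tricks) cannot leak through unexamined, which is what a regex denylist gets wrong.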
Vulnerabilities In Gruyere

  • Cross-Site Scripting (XSS)
    • File Upload XSS
    • Reflected XSS
    • Stored XSS
    • Stored XSS via HTML Attribute
    • Stored XSS via AJAX
    • Reflected XSS via AJAX
  • Client-State Manipulation
    • Elevation of Privilege
    • Cookie Manipulation
  • Cross-Site Request Forgery (XSRF)
  • Cross-Site Script Inclusion (XSSI)
  • Path Traversal
    • Information disclosure via path traversal
    • Data tampering via path traversal
  • Denial of Service
    • DoS – Quit the Server
    • DoS – Overloading the Server
  • Code Execution
  • Information disclosure
  • AJAX vulnerabilities
    • DoS via AJAX
    • Phishing via AJAX
  • Buffer Overflow and Integer Overflow
  • SQL Injection

Explore the hosted version of Jarlsberg and start uncovering its vulnerabilities.

Gruyere Hosted Version

Gruyere (Previously Jarlsberg) Info

App Name: Gruyere (Previously Jarlsberg)
License: free
Type: online, code
App URL: Download
More Info: link