Gruyere is a deliberately vulnerable web application built for learning and understanding web vulnerabilities. Detailed documentation is provided on the types of vulnerabilities present in the application and on the ways to exploit them.
Update: Jarlsberg is now Gruyere
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn is by doing, so you get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you will learn the following:
- How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
- How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.
Some Exploit Screenshots
Information Disclosure: read the contents of the database off a running server by exploiting a configuration vulnerability.
Debug dump page URL: http://google-gruyere.appspot.com/457262944951/dump.jtl
The numeric id in the path is unique to your Gruyere instance (it appears in every URL for that instance); substitute your own.
Alert dialog box demonstrating the presence of a cross-site scripting vulnerability in Jarlsberg.
Stored XSS alert.
Jarlsberg includes a number of special features and technologies that add attack surface:
- HTML in Snippets: Users can include a limited subset of HTML in their snippets.
- File upload: Users can upload files to the server, e.g., to include pictures in their snippets.
- Web administration: System administrators can manage the system using a web interface.
- New accounts: Users can create their own accounts.
- Template language: Jarlsberg Template Language (JTL) is a new language that makes writing web pages easy, as the templates connect directly to the database. Documentation for JTL can be found in
- AJAX: Jarlsberg uses AJAX to implement refresh on the home and snippets page. You should ignore the AJAX parts of Jarlsberg except for the challenges that specifically tell you to focus on AJAX.
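The "HTML in Snippets" feature is what makes the stored XSS challenges possible: a filter that only strips a blacklist of known-bad tags still lets script through in event-handler attributes and `javascript:` URLs, and can even be bypassed by nesting a forbidden tag inside itself so that one pass of stripping reassembles it. The following is an added example, not Gruyere's own sanitizer code: a hypothetical blacklist filter (`blacklist_sanitize`) beside an allowlist filter (`allowlist_sanitize`) that keeps only a fixed set of tags, attributes and URL schemes. The sample snippets are constructed for the example.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample snippets (not taken from Gruyere). The first is benign;
# the rest are classic stored-XSS payloads that a blacklist filter passes.
SAMPLE_SNIPPETS = [
    'Hello <b>world</b> and <a href="http://example.com">link</a>',
    '<script>alert(1)</script>',
    '<a href="#" onmouseover="alert(1)">hover</a>',
    '<a href="javascript:alert(1)">click</a>',
    '<scr<script>ipt>alert(1)</scr<script>ipt>',
]

# --- Weak approach: strip a few known-dangerous tags, pass everything else ---
_TAG_BLACKLIST = re.compile(r"<\s*/?\s*(script|style|iframe)\b[^>]*>", re.IGNORECASE)


def blacklist_sanitize(snippet: str) -> str:
    """Remove <script>, <style> and <iframe> tags in a single pass.

    This is the hypothetical weak filter: it never looks at attributes, so
    on* handlers and javascript: URLs survive, and a nested tag such as
    <scr<script>ipt> is stripped once and reassembles into <script>.
    """
    return _TAG_BLACKLIST.sub("", snippet)


# --- Hardened approach: allowlist of tags, attributes and URL schemes ---
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}          # no on* attributes anywhere
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "#", "/")


def _safe_href(value: str) -> bool:
    """Accept only http(s), mailto, fragment and site-relative URLs."""
    v = value.strip().lower()
    return v.startswith(SAFE_URL_PREFIXES)


class _AllowlistSanitizer(HTMLParser):
    """Re-emits only allowlisted tags/attributes; all text is HTML-escaped."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                       # drop the tag, keep its text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                 # unknown/on* attribute: dropped
            value = value or ""
            if name == "href" and not _safe_href(value):
                continue                 # javascript:/data: etc.: dropped
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def allowlist_sanitize(snippet: str) -> str:
    """Return the snippet with only allowlisted markup, everything else escaped."""
    parser = _AllowlistSanitizer()
    parser.feed(snippet)
    parser.close()
    return "".join(parser.out)


def compare(snippet: str) -> tuple[str, str]:
    """Run both filters on one snippet so the difference is visible side by side."""
    return blacklist_sanitize(snippet), allowlist_sanitize(snippet)


if __name__ == "__main__":
    for s in SAMPLE_SNIPPETS:
        weak, strong = compare(s)
        print(f"input:     {s}\nblacklist: {weak}\nallowlist: {strong}\n")
```

The allowlist version treats the parser's output as the only thing that reaches the page, so anything the parser does not explicitly re-emit is escaped text rather than markup; that is the property the blacklist approach cannot give, because it has to enumerate every dangerous construct in advance.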
Vulnerabilities In Gruyere
- Cross-Site Scripting (XSS)
  - File Upload XSS
  - Reflected XSS
  - Stored XSS
  - Stored XSS via HTML Attribute
  - Stored XSS via AJAX
  - Reflected XSS via AJAX
- Client-State Manipulation
  - Elevation of Privilege
  - Cookie Manipulation
- Cross-Site Request Forgery (XSRF)
- Cross-Site Script Inclusion (XSSI)
- Path Traversal
  - Information disclosure via path traversal
  - Data tampering via path traversal
- Denial of Service
  - DoS: Quit the Server
  - DoS: Overloading the Server
- Code Execution
- Information disclosure
- AJAX vulnerabilities
  - DoS via AJAX
  - Phishing via AJAX
- Buffer Overflow and Integer Overflow
- SQL Injection
Explore the hosted version of Gruyere and start uncovering the vulnerabilities:
Gruyere Hosted Version