insecure-bank/README.md

Setup

• Use a typical Webserver + PHP + SQL setup
• Initialize the database with the instructions from db-init.sql
• Copy the webroot directory onto the webserver
• Inside webroot, copy config.sample.php to config.php and enter the SQL credentials
• Register on the webpage to get your own account
• Make yourself an admin:
  Using an SQL management software, set the admin field to 1 in the entry of the table user that corresponds to your account.

Target instance to attack

insecure-bank.infinityfreeapp.com

Sorry, infinityfree deleted my instance because of inactivity. Please setup your own instance and try to attack that one instead.

Let me know when you are ready to launch your attack against my instance.