wangyihang/vulnerable-php-lib
=============================

A collection of vulnerable PHP functions for security testing and educational purposes

[Source](https://github.com/WangYihang/vulnerable-php-lib) · [Packagist](https://packagist.org/packages/wangyihang/vulnerable-php-lib)

Vulnerable PHP Library
======================

A PHP library containing vulnerable functions for security testing and educational purposes. This library can be used for:

- Security testing
- Vulnerability scanner testing
- Security training
- Vulnerability research

Installation
------------

Install via Composer:

```
composer require wangyihang/vulnerable-php-lib
```

Usage
-----

### Command Injection Vulnerabilities

```
use VulnerablePhpLib\CommandInjection;

// Execute command directly (no filtering)
$result = CommandInjection::executeCommand($_GET['command']);

// Execute ping command (only space filtering)
$result = CommandInjection::pingHost($_GET['host']);

// Execute file find (incomplete filtering)
$result = CommandInjection::findFile($_GET['filename']);

// Execute directory listing (improper parameter concatenation)
$result = CommandInjection::listDirectory($_GET['path']);

// Execute filtered command (incomplete filtering)
$result = CommandInjection::executeFilteredCommand($_GET['command']);
```

### SSRF Vulnerabilities

```
use VulnerablePhpLib\SSRF;

// Basic SSRF (no filtering)
$result = SSRF::fetchUrl($_GET['url']);

// SSRF with protocol filtering
$result = SSRF::fetchUrlWithProtocol($_GET['url']);

// SSRF with IP filtering
$result = SSRF::fetchUrlWithIPFilter($_GET['url']);

// SSRF with redirect handling
$result = SSRF::fetchUrlWithRedirect($_GET['url']);

// SSRF with domain filtering
$result = SSRF::fetchUrlWithDomain($_GET['url']);

// SSRF with response size limit
$result = SSRF::fetchUrlWithSizeLimit($_GET['url']);
```

### File Read Vulnerabilities

```
use VulnerablePhpLib\FileRead;

// Basic path traversal
$result = FileRead::readFileBasic($_GET['path']);

// Path traversal with basic validation
$result = FileRead::readFileMedium($_GET['path']);

// Path traversal with advanced validation
$result = FileRead::readFileAdvanced($_GET['path']);

// File read with extension filtering
$result = FileRead::readFileWithExtension($_GET['path']);

// File read with directory restriction
$result = FileRead::readFileWithDirectory($_GET['path'], '/var/www/html');
```
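
For comparison, a hardened form of a directory-restricted read, as an added example that is not part of the library or its README. `safeReadFile()` and the demo paths are hypothetical; the library's own implementation of `readFileWithDirectory` is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of vulnerable-php-lib: returns the file's
// contents only when its canonical path lies inside $baseDir.
function safeReadFile(string $userPath, string $baseDir): string
{
    // One generic error for every rejection, so callers cannot use the
    // message to probe which paths exist outside the base directory.
    $deny = new RuntimeException('File not available');

    // Reject NUL bytes and stream wrappers (php://, phar://, file://, ...).
    if (strpos($userPath, "\0") !== false || preg_match('#^[a-z][a-z0-9+.-]*://#i', $userPath)) {
        throw $deny;
    }

    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new LogicException('Base directory is misconfigured');
    }

    // realpath() resolves "..", "." and symlinks, so the check below is
    // made on the file that would really be opened.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);

    // Trailing separator: /var/www/html-backup must not match /var/www/html.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_file($target)) {
        throw $deny;
    }

    $data = file_get_contents($target);
    if ($data === false) { throw $deny; }
    return $data;
}

// Constructed demo tree: html/index.txt is public, secret.txt sits beside html/.
$root = sys_get_temp_dir() . '/safe-read-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/html', 0700, true);
file_put_contents($root . '/html/index.txt', 'public');
file_put_contents($root . '/secret.txt', 'private');

foreach (['index.txt', './index.txt', '../secret.txt', '/etc/passwd', 'php://filter/resource=index.txt'] as $input) {
    try {
        printf("%-34s => %s\n", $input, safeReadFile($input, $root . '/html'));
    } catch (RuntimeException $e) {
        printf("%-34s => rejected\n", $input);
    }
}
```

The check and the read are separate steps, so the base directory should not be writable by untrusted users who could swap in a symlink between them.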

Security Warning
----------------

⚠️ Warning: This library is for security testing and educational purposes only. Do not use these functions in production environments as they contain serious security vulnerabilities.

License
-------

MIT License
