bWAPP 2.2
bWAPP is an "extremely buggy wep app" intended for researching and discovering common security issues. It deliberately covers over 100 vulnerabilities ranging from SQL injection, to XSS, CGI exploits, SSL tampering, remote code execution, RFI, SSRF, CORS, buffer overflows; and replicates many high-profile exploits of other applications (Drupal, Wordpress). It's implemented in PHP, but of course only meant to be run in a sandbox or with its bee-box VM exposing further server process vulnerabili