Hey reader, this is Pekkis from the future (2025).
When somebody at our work advertised some internal gamified security training, based on the OWASP Top 10, and utilizing a very badly written app, I just had to revive KobroCMS to be runnable. Nostalgia is strong in me!
Much of the material (all the deep documentation about the known security issues) has been lost to time. I'll try to find that stuff from somewhere, but I am not hopeful.
Dr. Kobros Foundation broudly present: KobroCMS. The next option in discovery of enterprise management content.
Produced by Dr. Kobros Foundation.
Programmer by:
Lead Domestic Programmer be Benedict Lohiposki, son of great leader Gaylord Lohiposki. Long live the Foundation!
Lead Outsource Programmer be Devadutt Chattopadhyay.
Assister by Rajanigandha Balasubramanium and Lalitchandra Pakalomattam.
and speciel guest Java Script coder be Yuyutsu Vettickanakudy.
You need (this be a testy application so we need like reference config, yes!)
- Docker & Docker Compose. Very easy set to up in 2025!
_You MUST never be running KobroCMS on a real production or important machine or leave KobroCMS open to world. It still have some small security problem inside!_
Installing kobros easy:
```
docker compose up
```

After docker up, you surf to http://kobrocms.tunk.io:8666/
If stuff work, it good! If not, debug. If still not work, shed tears and call mom!
KobroCMS simple. First goes to index.php, single point of entry in whole application. Not much code, follow, follow! Six modules, couple of includes! Simple to follow! Fully documented too!
Your task be to identify potential security threats in kobrocms application. Try to find many problem!