Acuart

From Embedded Lab Vienna for IoT & Security

The Acunetix Acuart website is part of a suite of intentionally insecure web applications provided by Acunetix, a company specializing in automated security testing tools. Other notable applications in this suite include Acuforum[[1]], Acublog[[2]], and SecurityTweets.[[3]]

Acuart specifically simulates an e-commerce art gallery where users can browse categories, artists, and artworks, as well as post comments.

The Acuart website is only accessible online through the official website provided by Acunetix. It does not offer downloadable application code for local execution, limiting the environment to its hosted version. [[4]]

The platform serves as a testing and demonstration tool for the Acunetix Vulnerability Scanner [[5]], an automated solution for identifying security flaws in web applications.

Unlike sites such as OWASP Juice Shop, Acuart is not primarily intended as a learning environment for hacking techniques and lacks comprehensive documentation of its architecture and vulnerabilities. The Acuart website carries only a general note that refers to possible security vulnerabilities such as SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF). [[6]] There are also no real-time notifications that provide feedback on successfully executed attacks.

Architecture

Frontend

The user interface of Acuart is built using HTML, CSS, and JavaScript.

The frontend provides a very simple, straightforward experience for browsing art categories, viewing artists, and interacting with artworks.

Backend

The backend of the application is implemented in PHP and is responsible for handling user inputs, interactions, and communication with the database.

Database

Acuart relies on a MySQL database to store its data, including user-generated content such as comments, categories, and artwork details.


Possible Executable Attacks

As mentioned above, the Acuart website carries only a general note that refers to possible security vulnerabilities such as SQL Injection (SQLi), Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF) [[7]].

For information on, and a demonstration of, possible SQL Injection attacks in Acunetix Acuart, see SQL Injection Examples on Known Vulnerable Web Applications.