Mutillidae 2 is a deliberately vulnerable web application created by Jeremy Druin and currently maintained by OWASP. It is licensed under GPLv3.

You can download Mutillidae 2 locally and install it in a virtual machine. We are providing an online version to save you time and pain of having to do that. 

A sample set of vulnerabilities include:

• Authentication Bypass
• SQL Injection
• Click Jacking
• DOM Injection
• Cross Site Request Forgery
• File Inclusion
• Code Injection

and many more. 

The following username and password may be used to explore the application:

• User: samurai        Password: samurai