Webapp (php+mysql) con fallitos pa ir jugando, puede ser una opcion pa levantar en los servidores. " Vulnerability’s: SQL Injection XSS (Cross Site Scripting) LFI (Local File Inclusion) RFI (Remote File Inclusion) Command Execution Upload Script Login Brute Force And much more… " http://www.ethicalhack3r.co.uk/damn-vulnerable-web-app/