PwnShop Mobile v1.0.0

PwnShop Mobile is an intentionally vulnerable Android e-commerce app built for CTF competitions and mobile security training.

Around 47 documented vulnerabilities across OWASP Mobile Top 10 (2024), OWASP LLM Top 10 (2025), and business logic flaws.

Default Accounts

• Seller: seller@pwnshop.com / password123
• Buyer: buyer@pwnshop.com / password123

Setup

1. Download the APK below
2. Enable Install from Unknown Sources on your Android device
3. Install and launch PwnShop

For educational and authorized security testing only.