Skip to content

GabrielDyck/TP-SI-2017-2C

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
static
static
 
 
templates
templates
 
 
.DS_Store
.DS_Store
 
 
Commands For Sqlite Hack.txt
Commands For Sqlite Hack.txt
 
 
README.md
README.md
 
 
main.py
main.py
 
 
sample.db
sample.db
 
 
test.sql
test.sql
 
 

Repository files navigation

hackable

A python flask app that is purposfully vulnerable to SQL injection and XSS attacks

How to run

Just cd into the hackable folder and type into the termnial python main.py

Notes

  • test.sql is just there to help to visualize what is happening with sql queries during the demo
  • Commands For Sqlite Hack.txt is there to show the sql statements used during the demo and explain them
  • The search page is vulnerable to SQL injections
  • The add items page is vulnerable to XSS
  • The login page is also vulnerable to SQL injection making it easy to bypass login

About

Aplicacion con proposito de demostrar y depurar Blind-SQLInjection. Vulnerable: master - Fixed: Parche_blind_sql_injection

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Parche SQL BLIND INJECTION Latest
Sep 24, 2017

Packages

 
 
 

Contributors

Languages

  • Python 39.7%
  • HTML 29.3%
  • JavaScript 21.8%
  • CSS 9.2%