Skip to content

infobyte/github_integration_demo

Repository files navigation

PythonFlaskVulnerableApp

This is going to be a simple Python web server with some simple vulnerabilities.

This is going to be running on your computer so tread carefully when running exploits that you don't understand. This is an exploitable application so be sure to take proper precautions when running it on your computer.

The goal of this project is to make a python web server that could be easily downloaded and ran for practice/testing/tool trials that does not require the user to spin up a whole web server or anything special such as that it is going to be its own little module.

Current Vulnerabilities in the system and planned:

  • Reflected XSS
  • Stored XSS
  • Simple SQL Injection
  • Blind SQL Injection
  • File Path Traversal
  • File Upload/Download
  • Shell execution

Always open to suggestions on any that you would like to see.

Technologies used

Instance websites: http://vuln.faradaysec.com/ https://faradaycli-vmpipelines.herokuapp.com

Faraday instance: https://demo.apps.faradaysec.com

Folder Structure

-dbs (Just a folder for holding the databases that get created by the scripts)

-setup (hold files that will run on first startup of site or on reset to setup/reset the db's
|--db (Holds the database setup scripts)

-static (all the static such as css, images, js, etc)
|--css
|--js
|--fonts
|--images

-templates (All the templates for the pages including the basetemplate that all other templates extend.  Templates are broke out into sections)
|--sqli (sql injection section templates)
|--xss (xss section templates)

run.py (start place for the server, and the routes code)

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published