AvnerCohen / owasp-hack-flask

Sample project to show some super basic hacking techniques and vulnerabilities.

# OWASP - HACK - FLASK

A simple Flask-based app to simulate and play with some of the more common OWASP Top Ten items.

Covered Items

  • SQL Injection
  • XSS
  • CSRF
  • Sensitive Data Exposure
  • Underprotected APIs

System Setup

  • Basic Flask App
  • Login Form
  • User Profile Form
  • Predefined SQLite database with a set of shopping items.

Installation

$> python -m venv venv
$> source venv/bin/activate
$> pip install -r requirements.txt -U

Running

$> source venv/bin/activate
$> FLASK_APP=owasp-hack-flask.py python -m flask run --port=1337

To fully solve the challenges you should:

Make sure to consult the console logs while working; they contain hints that help solve each item.

  • (SQL Injection) Log in to the application without knowing a valid user name and password.
  • (XSS) Use the search box to trigger an XSS payload.
  • (SQL Injection) Extract the user and password list through the search box.
  • (Underprotected APIs) With a known user name, update the email address of a different user.
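The two SQL injection items above (login bypass and list extraction through the search box) come down to the same root cause: user input concatenated into SQL. The following is an added example, not code from this repository; it builds a small in-memory SQLite database with constructed sample users and items (the names, passwords and prices are made up here and do not match the project's own database), shows a string-built login query and a string-built search query, the payloads that break each one, and the parameterized versions that the same payloads fail against.

```python
import sqlite3

# Constructed sample data for this example; the real project ships its own
# predefined SQLite file with different contents.
USERS = [("admin", "s3cret"), ("alice", "wonderland")]
ITEMS = [("apples", 1.2), ("bread", 2.5), ("cheese", 4.0)]


def build_db():
    """In-memory SQLite stand-in for the project's predefined database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE items (name TEXT, price REAL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO items VALUES (?, ?)", ITEMS)
    return conn


def vulnerable_login(conn, username, password):
    """String-built query: the kind of login check the bypass challenge targets."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Parameterized query: the input is bound as data and never becomes SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def vulnerable_search(conn, term):
    """String-built LIKE query: the kind of search the UNION extraction targets."""
    sql = "SELECT name, price FROM items WHERE name LIKE '%%%s%%'" % term
    return conn.execute(sql).fetchall()


def safe_search(conn, term):
    """Parameterized LIKE: the wildcards are added to the bound value, not the SQL."""
    return conn.execute(
        "SELECT name, price FROM items WHERE name LIKE ?", ("%" + term + "%",)
    ).fetchall()


# Login bypass: closes the username literal, then '--' comments out the
# password comparison, so any password (even empty) is accepted for 'admin'.
LOGIN_BYPASS = "admin' -- "

# Extraction: closes the LIKE literal, appends a UNION with the same column
# count (2) pulling from the users table, and comments out the trailing quote.
UNION_PAYLOAD = "zzz%' UNION SELECT username, password FROM users -- "


def run_demo():
    """Run both payloads against the vulnerable and the parameterized versions."""
    conn = build_db()
    return {
        "vuln_login": vulnerable_login(conn, LOGIN_BYPASS, ""),
        "safe_login": safe_login(conn, LOGIN_BYPASS, ""),
        "vuln_search": vulnerable_search(conn, UNION_PAYLOAD),
        "safe_search": safe_search(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, "->", result)
```

Running the script shows the vulnerable login returning `admin` with an empty password and the vulnerable search returning every username and password row, while the parameterized versions return nothing for the same inputs. The search payload only works because the injected SELECT has the same number of columns as the original; finding that count is usually the first step of a UNION-based extraction.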

Hints

A possible solution is included in encrypted form. Decrypt it with:

openssl des3 -d -salt -in ./possible_solution.md.encrypted

password: randomizer

If this fails with "bad decrypt" on OpenSSL 1.1.0 or later, the file was most likely encrypted with the older default key derivation (MD5); add -md md5 to the command above.
