COD-project
Cyber Offense and Defense Project - Università della Calabria
Chosen challenges from PortSwigger:
Client-side - CSRF where token validation depends on request method
Server-side - Blind OS command injection with output redirection
Expert - Exploiting XXE to retrieve data by repurposing a local DTD
Used in scripts:
https://github.com/Textualize/rich | https://github.com/SBoudrias/Inquirer.js | https://github.com/tiangolo/typer
Used in backend:
https://github.com/pallets/flask
To run Flask (in terminal):
1. export FLASK_APP=backend.py
2. export FLASK_ENV=development
3. flask run
You can find a brief explanation of our work here