A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

JoeFerrin/hackable-python

 
 

hackable

A Python Flask app that is purposefully vulnerable to SQL injection and XSS attacks

How to run

Just cd into the hackable folder and type python main.py into the terminal

Notes

  • test.sql is just there to help visualize what is happening with SQL queries during the demo
  • Commands For Sqlite Hack.txt is there to show the SQL statements used during the demo and explain them
  • The search page is vulnerable to SQL injection
  • The add items page is vulnerable to XSS
  • The login page is also vulnerable to SQL injection, making it easy to bypass login
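
Why the login check can be bypassed, and the fix, shown as an added example that is not code from this repository: a login query built by string concatenation next to the same query with bound parameters. The table layout, function names and sample input are assumptions made for illustration.

```python
import sqlite3

# Constructed sample input: a password value containing SQL syntax.
CRAFTED = "' OR '1'='1"


def make_db():
    """Build a constructed in-memory database (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password only to keep the example short; a real app
    # stores a salted password hash and compares hashes instead.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_concatenated(db, username, password):
    """Weak pattern: user input becomes part of the SQL text itself."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    # With CRAFTED as the password the WHERE clause becomes
    #   username = 'alice' AND password = '' OR '1'='1'
    # AND binds tighter than OR, so the clause is true for every row.
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    """Fixed pattern: values are bound, never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    for label, check in (("concatenated", login_concatenated),
                         ("parameterized", login_parameterized)):
        print(label,
              "valid password:", check(make_db(), "alice", "correct-horse"),
              "crafted input:", check(make_db(), "alice", CRAFTED))
```

The same binding rule applies to the search page: pass the search term as a bound parameter instead of concatenating it into the query text.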

Languages

  • Python 40.6%
  • HTML 28.9%
  • JavaScript 21.5%
  • CSS 9.0%