Skip to content

jrybicki-jsc/hackme

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

hackme

Vulnerable application for teaching purposes

Important disclaimer

This application is not secure, running it on your computer might cause serious problems. Don't do it unless you know what you are doing!

Application vulnerabilities

Application includes (but is not limited) following vulnerabilities:

  1. Open redirect
  2. Cross-site request forgery
  3. Insecure direct object reference
  4. XSS
  5. Injection (various types)
  6. Security misconfiguration

Running the application

Check out the repository

git clone https://github.com/httpPrincess/hackme/
cd hackme

Create virtual environment

virtualenv env
source env/bin/activate

Install dependencies

pip install -r requirements.txt

Run application

./run.py

Docker-based deployment

Alternative way of running the application is based on docker

Check out the repository

git clone https://github.com/httpPrincess/hackme/
cd hackme

Build and run docker image

docker build -t hackme/hackme:latest .
docker run -d -p 8080:8080 hackme/hackme 

Verifying deployment

Regardless of the way in which the application has been ran it should be possible to make a http query

curl -X GET 0.0.0.0:8080

If you don't get a response (302) for such a query something is wrong with your deployment

Using the application

You should not use this application for any non-educational purposes!

This application is a todo list managing platform. To log-in use any credentials where name and password are equal. You can add todos to your list, search through the list, and perform mass upload of todos with a XML files in form:

<xml>
 <todo-list>
     <todo>
         <date>22/05/15</date>
         <content>Feed the dogs</content>
     </todo>
     <todo>
         <date>25/07/15</date>
         <content>Buy bread</content>
     </todo>
 </todo-list>
</xml>

About

vulnerable application for teaching purposes

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published