Vulnerable application for teaching purposes
This application is not secure; running it on your computer might cause serious problems. Don't do it unless you know what you are doing!
The application includes (but is not limited to) the following vulnerabilities:
- Open redirect
- Cross-site request forgery
- Insecure direct object reference
- XSS
- Injection (various types)
- Security misconfiguration
    git clone https://github.com/httpPrincess/hackme/
    cd hackme
    virtualenv env
    source env/bin/activate
    pip install -r requirements.txt
    ./run.py
An alternative way of running the application is based on Docker:
    git clone https://github.com/httpPrincess/hackme/
    cd hackme
    docker build -t hackme/hackme:latest .
    docker run -d -p 8080:8080 hackme/hackme
Regardless of how the application has been run, it should be possible to make an HTTP query:
    curl -X GET 0.0.0.0:8080
If you don't get a response (302) for such a query, something is wrong with your deployment.
You should not use this application for any non-educational purposes!
This application is a todo list management platform. To log in, use any credentials where the name and password are equal. You can add todos to your list, search through the list, and perform a mass upload of todos with an XML file in the following form:
    <xml>
      <todo-list>
        <todo>
          <date>22/05/15</date>
          <content>Feed the dogs</content>
        </todo>
        <todo>
          <date>25/07/15</date>
          <content>Buy bread</content>
        </todo>
      </todo-list>
    </xml>
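
A defensive parser for the upload format shown above, as an added example that is not part of the hackme code base: it accepts only the documented elements, refuses any DOCTYPE declaration, and validates each todo before returning it. The names `parse_todo_upload` and `UploadRejected`, the limits, and the dd/mm/yy reading of the dates are assumptions.

```python
import xml.parsers.expat
from datetime import datetime

# Limits, names and SAMPLE are constructed for this example, not hackme's own.
MAX_TODOS, MAX_CONTENT_LEN = 500, 200
TODO = ("xml", "todo-list", "todo")
ALLOWED = {TODO[:1], TODO[:2], TODO, TODO + ("date",), TODO + ("content",)}
SAMPLE = (b"<xml><todo-list><todo><date>22/05/15</date>"
          b"<content>Feed the dogs</content></todo></todo-list></xml>")

class UploadRejected(ValueError):
    """The upload does not match the documented format."""

def _validate(item, count):
    content = item.get("content", "")
    if count >= MAX_TODOS or not 0 < len(content) <= MAX_CONTENT_LEN:
        raise UploadRejected("too many todos or bad content length")
    try:  # the README's dates read as dd/mm/yy (assumed)
        day = datetime.strptime(item.get("date", ""), "%d/%m/%y").date()
    except ValueError as exc:
        raise UploadRejected("date must be dd/mm/yy") from exc
    return day, content

def parse_todo_upload(data: bytes):
    """Return [(date, content), ...] or raise UploadRejected."""
    todos, path, text, current = [], [], [], {}
    def doctype(*_args):  # no DTD, so no entity definitions of any kind
        raise UploadRejected("DOCTYPE declarations are not accepted")
    def start(name, attrs):
        path.append(name)
        if tuple(path) not in ALLOWED or attrs:
            raise UploadRejected("unexpected element or attribute: " + name)
        text.clear()
        if name == "todo":
            current.clear()
    def end(name):
        path.pop()
        if name in ("date", "content"):
            current[name] = "".join(text).strip()
        elif name == "todo":
            todos.append(_validate(current, len(todos)))
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = doctype
    parser.StartElementHandler, parser.EndElementHandler = start, end
    parser.CharacterDataHandler = text.append
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UploadRejected("not well-formed XML") from exc
    return todos
```

The content string is returned as plain text; it still has to be escaped wherever it is later rendered or used in a query.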