Skip to content

Latest commit

 

History

History
70 lines (46 loc) · 2.27 KB

README.md

File metadata and controls

70 lines (46 loc) · 2.27 KB

Extremely Vulnerable Flask App

Pylint

Intentionally vulnerable Python / Flask application, built for educational purposes.

Demo Image

Setup

Using python3 and venv:

git clone https://github.com/manuelz120/extremely-vulnerable-flask-app
cd extremely-vulnerable-flask-app
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python3 -m flask run # Can be stopped using CTRL+C

Using docker:

git clone https://github.com/manuelz120/extremely-vulnerable-flask-app
cd extremely-vulnerable-flask-app
docker build . -t extremely_vulnerable_flask_app
docker run --name extremely_vulnerable_flask_app -p 5000:80 extremely_vulnerable_flask_app  # Can be stopped using CTRL+C or by running `docker kill extremely_vulnerable_flask_app`

Using docker-compose:

docker-compose up --build

Afterwards, the app should be running at http://localhost:5000

In case port 5000 is already occupied on your system, feel free to change it to something else by adjusting the Docker / compose port mapping or adding the -p <desired-port> parameter when starting flask.

Disclaimer ⚠️

This app is really vulnerable! 💣

  • Don't run it on publicly accessible server / public networks ⚠️
  • Don't blindly copy code or use this as an example / template ⚠️
  • Turn off after use ⚠️
  • Use at your own risk ⚠️

Getting started

Registration is based on invites. Either hack your way into the systems, or use the leaked invite code a36e990b-0024-4d55-b74a-f8d7528e1764 to get started. Moreover, there are two predefined test users:

Resetting state

Either create a fresh docker container, or remove the local database (database.db) and restart the app.

Tools

  • Python 3 + Flask
  • SQLAlchemy + SQLite Database
  • Jinja Templating
  • Bootstrap-Flask

Vulnerability Documentation, Exploit scripts and solutions

TODO