Skip to content

/ hackable

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

47 stars 28 forks
Star
Watch
master
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

@JasonHinds13
JasonHinds13 Merge pull request #2 from SemicolonExpected/patch-1
c7b971e Jul 22, 2019
Merge pull request #2 from SemicolonExpected/patch-1 
Unicode objects must be encoded before hashing
c7b971e

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
static
 
 
templates
 
 
.DS_Store
 
 
Commands For Sqlite Hack.txt
 
 
README.md
 
 
main.py
 
 
sample.db
 
 
test.sql
 
 

README.md

hackable

A python flask app that is purposfully vulnerable to SQL injection and XSS attacks

How to run

Just cd into the hackable folder and type into the termnial python main.py

Notes

  • test.sql is just there to help to visualize what is happening with sql queries during the demo
  • Commands For Sqlite Hack.txt is there to show the sql statements used during the demo and explain them
  • The search page is vulnerable to SQL injections
  • The add items page is vulnerable to XSS
  • The login page is also vulnerable to SQL injection making it easy to bypass login

About

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

Topics

security sql-injection xss xss-attacks python-flask demo hacking

Resources

Readme

Releases

No releases published

Packages

No packages published

Contributors 3

Languages

You can’t perform that action at this time.