Skip to content

JasonHinds13/hackable

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits

static

static

 
 

templates

templates

 
 

.DS_Store

.DS_Store

 
 

Commands For Sqlite Hack.txt

Commands For Sqlite Hack.txt

 
 

README.md

README.md

 
 

main.py

main.py

 
 

sample.db

sample.db

 
 

test.sql

test.sql

 
 

Repository files navigation

hackable

A python flask app that is purposfully vulnerable to SQL injection and XSS attacks

How to run

Just cd into the hackable folder and type into the termnial python main.py

Notes

  • test.sql is just there to help to visualize what is happening with sql queries during the demo
  • Commands For Sqlite Hack.txt is there to show the sql statements used during the demo and explain them
  • The search page is vulnerable to SQL injections
  • The add items page is vulnerable to XSS
  • The login page is also vulnerable to SQL injection making it easy to bypass login

About

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

Topics

security demo hacking xss sql-injection python-flask xss-attacks

Resources

Readme
Activity

Stars

70 stars

Watchers

6 watching

Forks

54 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages