avendesta/vulnhub

vulnhub

Vulnerable Flask-API script

Vulnerabilities
  1. Easy-to-guess secret key
  2. JWT session tokens are similar for users with the same first name
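
The two weaknesses listed above, shown beside a hardened form, as an added example that is not code from this repository. It assumes the token's identity claim is built from the first name alone; the helper names, sample accounts and denylist are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT encoder (stdlib only) used for this demonstration."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

# Constructed sample accounts: two different users sharing a first name.
USERS = [
    {"_id": "u-1001", "first_name": "Sara", "email": "sara.a@example.test"},
    {"_id": "u-1002", "first_name": "Sara", "email": "sara.b@example.test"},
]

def weak_token(user: dict, key: bytes) -> str:
    # Assumed weak pattern: the identity claim is derived from the first name only.
    return sign_hs256({"user": user["first_name"]}, key)

def hardened_token(user: dict, key: bytes) -> str:
    # Unique subject plus a random token id, so no two sessions coincide.
    return sign_hs256({"sub": user["_id"], "jti": secrets.token_hex(16)}, key)

COMMON = {b"secret", b"changeme", b"password", b"flask", b"dev"}  # constructed denylist

def key_problems(key: bytes) -> list:
    """Startup check: reasons a signing key is unfit for HS256."""
    problems = []
    if len(key) < 32:  # RFC 7518 requires at least 256 bits for HS256
        problems.append("shorter than 32 bytes")
    if key.lower() in COMMON:
        problems.append("common/default value")
    return problems

def demo():
    weak_key, strong_key = b"secret", secrets.token_bytes(32)
    same_weak = weak_token(USERS[0], weak_key) == weak_token(USERS[1], weak_key)
    same_hard = hardened_token(USERS[0], strong_key) == hardened_token(USERS[1], strong_key)
    return same_weak, same_hard, key_problems(weak_key), key_problems(strong_key)

if __name__ == "__main__":
    print(demo())
```

Running `key_problems` on the configured secret at application startup, and refusing to start when it returns anything, keeps a guessable key from reaching a deployed instance.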
SETUP ON UBUNTU
  • Cloning and virtualenv setup
git clone https://github.com/noodle-lover/vulnhub
cd vulnhub
virtualenv venv
source venv/bin/activate
# make sure it's activated by running `which python` and `which pip`
cd flaskapp
  • Make sure to set the environment variable before `flask run`
export FLASK_APP=blog.py
# if you want debug mode: `export FLASK_ENV=development`
pip install -r requirements.txt
flask run
  • MongoDB setup
    • Install MongoDB following the official documentation
    • Install MongoDB Compass for Ubuntu
    • Create a database named flaskapp and a table/collection named accounts
    • Import the sample JSON data (sample_db.json) into accounts

About

a vulnerable webapp, api setup script
