Falconmx1/vulnerability-lab
# 🔐 Vulnerability Lab (Buffer Overflow + SQLi)

⚠️ FOR EDUCATIONAL USE ONLY – AUTHORIZED ENVIRONMENTS ONLY

## What's inside

- `/buffer-overflow` – C program with unsafe `strcpy()`, ASLR disabled
- `/sql-injection` – Python/Flask app with raw SQL queries
- `/secure` – Patched versions with `strncpy()`, parameterized queries
- `Dockerfile` + `docker-compose.yml` – Isolated lab environment

## Run safely

```bash
docker-compose up --build
```

## Included files
- `vulnerable.c` - Stack overflow example
- `exploit.py` - Demonstration payload (adjust addresses)
- `app.py` - Flask app with a vulnerable SQL injection
- `docker-compose.yml` - Full isolation

## IMPORTANT note
Never run these examples on systems that are not your own.  
The GPL-3.0 does NOT protect intentional misuse.

## 3. Commands to test

```bash
# Build everything
docker-compose up --build

# Buffer overflow (inside the container)
./exploit.py $(python3 -c "print('A'*72 + '\xef\xbe\xad\xde')")

# SQL injection
curl -X POST -d "user=admin' OR '1'='1" http://localhost:5000/
```
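As an added example (not code from this repository), the script below shows what the `/secure` patch changes for the SQL injection lab: the same user lookup written with a raw f-string query and with a parameterized query, both run against a constructed in-memory SQLite table using the exact `user` value the curl command above sends. The table layout, the seeded rows and the function names are assumptions; `app.py`'s real schema is not shown in this README.

```python
import sqlite3

# Constructed stand-in for the lab's user table; the real app.py schema is not
# shown in the README, so these names and rows are assumptions.
USERS = [("admin", "administrator"), ("alice", "user"), ("bob", "user")]

# Exact value the README's curl command sends in the `user` field.
LAB_PAYLOAD = "admin' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def lookup_user_raw(conn: sqlite3.Connection, user: str) -> list:
    """Vulnerable form: request text is spliced into the SQL string, so a quote
    in `user` closes the literal and the remainder is parsed as SQL."""
    query = f"SELECT username, role FROM users WHERE username = '{user}'"
    return conn.execute(query).fetchall()


def lookup_user_parameterized(conn: sqlite3.Connection, user: str) -> list:
    """Patched form (the /secure approach): the driver binds `user` as a value,
    so any quote is just a character inside the compared string."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (user,)).fetchall()


def compare(user: str = LAB_PAYLOAD) -> dict:
    """Run both variants on a fresh database and return their result sets."""
    conn = make_db()
    try:
        return {
            "raw": lookup_user_raw(conn, user),
            "parameterized": lookup_user_parameterized(conn, user),
        }
    finally:
        conn.close()


def patched_query_is_safe() -> bool:
    """Regression check suitable for the lab's automated tests: the
    parameterized query must return no rows for the payload while still
    finding a genuine user by exact name."""
    injected = compare(LAB_PAYLOAD)["parameterized"]
    legit = compare("admin")["parameterized"]
    return injected == [] and legit == [("admin", "administrator")]


if __name__ == "__main__":
    results = compare()
    print("raw query rows:          ", results["raw"])
    print("parameterized query rows:", results["parameterized"])
    print("patched query safe:", patched_query_is_safe())
```

With the payload, the raw variant returns every row because the condition becomes `username = 'admin' OR '1'='1'`, while the parameterized variant returns nothing because no username equals the whole injected string. `patched_query_is_safe()` is the kind of check the lab's automated testing can run after each change to `app.py`.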

## About

Educational tool demonstrating buffer overflow and SQL injection vulnerabilities in isolated Docker environments. For authorized security training and defensive coding workshops only. Includes vulnerable examples + secure versions + automated testing.