This is an example Blog Post management app which contains hidden vulnerabilities.
Tips:
- Read the Python and DB API documentation at a surface level to get a basic idea of how things work:
  - DB API - https://frappeframework.com/docs/user/en/api/database
  - Document API - https://frappeframework.com/docs/user/en/api/document
  - Frappe Framework basics: https://frappeframework.com/docs/user/en/basics and https://frappeframework.com/docs/user/en/basics/doctypes
- There are many vulnerabilities in this code, with varying levels of exploit complexity and domain-knowledge requirements.
- Technologies you should be familiar with: Python, JS, SQL (specifically the MySQL flavour), Jinja2.
- Read the docs or, better yet, read the code if you want to truly understand how something works and how it can be abused. All our code is open source.
WARNING: This is an exercise for developing and evaluating code-auditing skills. DO NOT EVER INSTALL THIS APP ANYWHERE.
MIT