cherdt/noople

noople - the world's worst search engine

(Change SITE_NAME to DuckDuckNope for enhanced privacy.)

noople is a search engine that doesn't have any results. It is based on the Python Flask framework and SQLite.

noople can be used to demonstrate:

  • Reading GET requests in Flask
  • Processing SQL requests in Python
  • Reflected XSS vulnerabilities
  • Stored XSS vulnerabilities
  • SQL injection vulnerabilities

Run the application

Create a Python virtual environment, if you haven't already:

python3 -m venv venv

Activate your virtual environment:

source venv/bin/activate

Install the requirements:

pip3 install -r requirements.txt

Run the application:

export FLASK_APP=noople/search.py
flask run

Visit http://localhost:5000 in a web browser.

(Known) Vulnerabilities

Reflected XSS

To fix this, use escape on the user-supplied value before it is included in the response. See Flask escape

Stored XSS

To fix this, use escape on the stored value when it is rendered into a page. See Flask escape

SQL injection

To fix this, use execute (instead of executescript) with bind variables. See sqlite3: execute
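
The difference between the two calls, as an added example that is not noople's own code: the `searches` table, the function names and the sample input are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema and function names; noople's real code may differ.
SCHEMA = "CREATE TABLE searches (id INTEGER PRIMARY KEY, query TEXT NOT NULL)"


def new_db():
    """Return an in-memory database seeded with two earlier searches."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO searches (query) VALUES (?)",
                     [("flask",), ("sqlite",)])
    conn.commit()
    return conn


def record_search_vulnerable(conn, query):
    # The input is pasted into the SQL text, and executescript() runs every
    # ';'-separated statement it finds, so the input can append statements.
    conn.executescript(f"INSERT INTO searches (query) VALUES ('{query}');")


def record_search_fixed(conn, query):
    # execute() accepts a single statement, and the '?' placeholder binds
    # the input as a value, so it is never parsed as SQL.
    conn.execute("INSERT INTO searches (query) VALUES (?)", (query,))
    conn.commit()


def stored_queries(conn):
    """Return every stored search term in insertion order."""
    return [row[0] for row in conn.execute("SELECT query FROM searches ORDER BY id")]


# Constructed input: closes the string literal and appends a second statement.
PAYLOAD = "x'); DELETE FROM searches; --"


def demo():
    bad, good = new_db(), new_db()
    record_search_vulnerable(bad, PAYLOAD)
    record_search_fixed(good, PAYLOAD)
    return stored_queries(bad), stored_queries(good)


if __name__ == "__main__":
    print(demo())
```

With the vulnerable function the table ends up empty; with the fixed one the input is stored verbatim as a third row alongside the two seeded searches.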
