GitHub - jclayton40/bad-python-app

Setup

Requisites

ImageMagick: https://imagemagick.org/index.php
Python 3.7+
Docker (if want to run in a container)

Running

Run in Docker

# building
docker build -t vuln-flask-web-app .

# running
docker run -it -p 5000:5000 --rm --name vuln-flask-web-app vuln-flask-web-app

Run Local

python3 -m venv venv
source venv/bin/activate
sh setup.sh
sh run.sh

Options

Restricting Access (optional)

By default, the api key is set to None and any request will be allowed.

If you want to restrict the access to the app, just set the environment variable named VULN_FLASK_APP_API_KEY with your secret:

export VULN_FLASK_APP_API_KEY=myapisecret

Now, every request should include a cookie named api_key with the value of the VULN_FLASK_APP_API_KEY environment variable.

GET / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Host: localhost:5000
...

Cookie: api_key=myapisecret

...

Name		Name	Last commit message	Last commit date
Latest commit History 84 Commits
.circleci		.circleci
.github/workflows		.github/workflows
.vscode		.vscode
data/payloads		data/payloads
static		static
templates		templates
vulns		vulns
.gitignore		.gitignore
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
_debug.py		_debug.py
api_keys.py		api_keys.py
app.py		app.py
db_helper.py		db_helper.py
db_models.py		db_models.py
middlewares.py		middlewares.py
prod.py		prod.py
requirements.txt		requirements.txt
run.prod.sh		run.prod.sh
run.sh		run.sh
setup.sh		setup.sh
util.py		util.py
vuln-1.py		vuln-1.py
vuln-main-10.java		vuln-main-10.java
vuln-main-2.java		vuln-main-2.java
vuln-main-3.java		vuln-main-3.java
vuln-main-4.java		vuln-main-4.java
vuln-main-7.java		vuln-main-7.java
vuln-main-9.java		vuln-main-9.java
vuln-main.java		vuln-main.java

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Setup

Requisites

Running

Run in Docker

Run Local

Options

Restricting Access (optional)

About

Releases

Packages

Languages

License

jclayton40/bad-python-app

Folders and files

Latest commit

History

Repository files navigation

Setup

Requisites

Running

Run in Docker

Run Local

Options

Restricting Access (optional)

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages