Vulnerable flask application with examples of exploitation of:
- Broken Access Control
- Injection (Bash scripting)
- Remote Code Execution
- Cross-site scripting (XSS)
To run just start docker-compose docker-compose up
Service will be available at http://127.0.0.1:8089
Change the files from original app
folder to ones from patches
. In particular, main.py
and templates/main.html
files.