A vulnerable web application written in Python Flask to demonstrate insecure file extraction

majidmc2/bad_python_extract

Bad Python Extract

A vulnerable web application written in Python3 Flask to demonstrate insecure file extraction.

Usage

First, clone the repository:

git clone https://github.com/majidmc2/bad_python_extract

Then install the required packages with pip3.*:

cd bad_python_extract

pip3 install -r requirements.txt

Next, run the server:

python3 server.py

This will start the server at http://0.0.0.0:6005

Attack

paload.py is an example that you can use for command injection.

python3 paload.py

It creates payload.zip, which injects "print('--------- Injection ---------')" into config/init.py.
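
A hardened counterpart to the extraction this application demonstrates, as an added example (not code from this repository): it refuses any archive whose members would leave the destination directory, are symlinks, or would replace an existing file such as config/init.py. It assumes the upload is a zip held in memory and a POSIX file system; unsafe_members, safe_extract and build_zip are hypothetical names, and the sample archives are constructed.

```python
import io
import os
import stat
import tempfile
import zipfile


def unsafe_members(zf, dest_dir):
    """Return the member names that must not be extracted into dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    for info in zf.infolist():
        name = info.filename.replace("\\", "/")
        target = os.path.realpath(os.path.join(root, name))
        escapes = os.path.commonpath([root, target]) != root  # "../" or absolute
        symlink = stat.S_ISLNK(info.external_attr >> 16)      # Unix mode bits
        overwrite = os.path.isfile(target)                    # existing file
        if escapes or symlink or overwrite:
            bad.append(info.filename)
    return bad


def safe_extract(zip_bytes, dest_dir):
    """Extract only if every member is safe; otherwise write nothing."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = unsafe_members(zf, dest_dir)
        if bad:
            raise ValueError(f"rejected archive members: {bad}")
        zf.extractall(dest_dir)
        return zf.namelist()


def build_zip(members):
    """Constructed sample input: an in-memory zip built from {name: text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(safe_extract(build_zip({"notes/a.txt": "ok"}), tmp))
        try:
            safe_extract(build_zip({"../config/init.py": "x"}), tmp)
        except ValueError as exc:
            print(exc)
```

Extracting uploads into a dedicated directory outside the application's code tree keeps a rejected or accepted archive away from importable files in either case.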
