Skip to content

ricktor0/InsecureHub

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
exploits
exploits
 
 
static
static
 
 
templates
templates
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
app.py
app.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

InsecureHub

InsecureHub is an intentionally vulnerable Flask app for learning web application penetration testing

Setup

pip install -r requirements.txt
python app.py
# Runs at http://127.0.0.1:5000

Test accounts:

Username Password Role
admin admin123 Admin
alice password123 User
bob bob123 User

Vulnerabilities

# Type Endpoint
1 IDOR /note/<id>, /post/<id>, /file/download/<id>, /api/user/<id>
2 SSTI /render, /bio/<id>, /profile/edit
3 SQL Injection /search?q=
4 SSRF /fetch
5 Pickle RCE remember_me cookie + /restore-session
6 Path Traversal /file/read?name=
7 Stored XSS Post comments
8 Weak Reset Token /forgot-password (MD5)
9 Info Disclosure /debug
10 Broken Auth MD5 passwords, no rate limiting

Project Structure

InsecureHub/
├── app.py
├── requirements.txt
├── static/style.css
├── templates/
├── exploits/exploit_all.py
└── uploads/

Resources: OWASP Top 10 · PortSwigger Academy · PayloadsAllTheThings

About

InsecureHub is an intentionally vulnerable Flask app for learning web application penetration testing.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages