Skip to content
This repository has been archived by the owner on Jul 3, 2020. It is now read-only.

stackhawk/vuln_django_play

develop
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
10 branches 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.circleci
 
 
polls
 
 
static
 
 
templates/admin
 
 
vuln_django
 
 
.dockerignore
 
 
.gitignore
 
 
.gitlab-ci.yml
 
 
BASE.gitlab-ci.yml
 
 
Dockerfile
 
 
HAWKSCAN_LOCAL.gitlab-ci.yml
 
 
HAWKSCAN_REMOTE.gitlab-ci.yml
 
 
LOCAL.gitlab-ci.yml
 
 
Procfile
 
 
README.md
 
 
REMOTE.gitlab-ci.yml
 
 
manage.py
 
 
nginx.default
 
 
requirements.txt
 
 
setup.py
 
 
stackhawk-circleci.yml
 
 
stackhawk-gitlab-heroku.yml
 
 
stackhawk-gitlab.yml
 
 
stackhawk-noauth.yml
 
 
stackhawk.yml
 
 
start-server.sh
 
 
===== Vulnerable Polls Quick start - this section is old Now with more Docker! Build the docker image Then run the docker container Now browse to the polls with http://localhost:8020/polls/ Administrator user http://localhost:8020/admin/ Never Name Your Docker Container with an underscore because it will make you hate yourself

README.md

===== Vulnerable Polls

Polls is a simple Django app to conduct Web-based polls. For each question, visitors can choose between a fixed number of answers.

Based on the Django Polls tutorial, contains a few XSS/SQLi issues and turns off the built in protections to prevent that.

Quick start - this section is old

  1. Add "polls" to your INSTALLED_APPS setting like this::

    INSTALLED_APPS = [ ... 'polls', ]

  2. Include the polls URLconf in your project urls.py like this::

    path('polls/', include('polls.urls')),

  3. Run python3 manage.py migrate to create the polls models.

  4. Start the development server python3 manage.py runserver 8081 and visit http://127.0.0.1:8081/admin/ to create a poll (you'll need the Admin app enabled).

  5. Visit http://127.0.0.1:8081/polls/ to participate in the poll.

Now with more Docker!

Build the docker image

docker build -t vuln_django .

Then run the docker container

docker run -it -p 8020:8020 vuln_django:latest

Now browse to the polls with http://localhost:8020/polls/

Administrator user http://localhost:8020/admin/

  • admin:adminpassword

Never Name Your Docker Container with an underscore because it will make you hate yourself

NO!

docker run -it -p 8020:8020 --name vuln_django --rm --network scan_net vuln_django:latest```

YES!

docker run -it -p 8020:8020 --name vuln-django --rm --network scan_net vuln_django:latest

About

A vulnerable Django App to test against

Resources

Readme
Activity

Stars

2 stars

Watchers

10 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages