Intentionally vulnerable Python / Flask application, built for educational purposes.
Using python3 and venv:
git clone https://github.com/manuelz120/extremely-vulnerable-flask-app
cd extremely-vulnerable-flask-app
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python3 -m flask run # Can be stopped using CTRL+CUsing docker:
git clone https://github.com/manuelz120/extremely-vulnerable-flask-app
cd extremely-vulnerable-flask-app
docker build . -t extremely_vulnerable_flask_app
docker run --name extremely_vulnerable_flask_app -p 5000:80 extremely_vulnerable_flask_app # Can be stopped using CTRL+C or by running `docker kill extremely_vulnerable_flask_app`Using docker-compose:
docker-compose up --buildAfterwards, the app should be running at http://localhost:5000
In case port 5000 is already occupied on your system, feel free to change it to something else by adjusting the Docker / compose port mapping or adding the -p <desired-port> parameter when starting flask.
This app is really vulnerable! 💣
- Don't run it on publicly accessible server / public networks
⚠️ - Don't blindly copy code or use this as an example / template
⚠️ - Turn off after use
⚠️ - Use at your own risk
⚠️
Registration is based on invites. Either hack your way into the systems, or use the leaked invite code a36e990b-0024-4d55-b74a-f8d7528e1764 to get started. Moreover, there are two predefined test users:
[email protected]:user- normal user[email protected]:admin- admin user
Either create a fresh docker container, or remove the local database (database.db) and restart the app.
- Python 3 + Flask
- SQLAlchemy + SQLite Database
- Jinja Templating
- Bootstrap-Flask
TODO