flask-webgoat

flask-webgoat is a deliberately-vulnerable application written with the Flask web framework.

                                                (_(
                                                /_/'_____/)
                                                "  |      |
                                                   |""""""|
███████╗██╗      █████╗ ███████╗██╗  ██╗    ██╗    ██╗███████╗██████╗  ██████╗  ██████╗  █████╗ ████████╗
██╔════╝██║     ██╔══██╗██╔════╝██║ ██╔╝    ██║    ██║██╔════╝██╔══██╗██╔════╝ ██╔═══██╗██╔══██╗╚══██╔══╝
█████╗  ██║     ███████║███████╗█████╔╝     ██║ █╗ ██║█████╗  ██████╔╝██║  ███╗██║   ██║███████║   ██║
██╔══╝  ██║     ██╔══██║╚════██║██╔═██╗     ██║███╗██║██╔══╝  ██╔══██╗██║   ██║██║   ██║██╔══██║   ██║
██║     ███████╗██║  ██║███████║██║  ██╗    ╚███╔███╔╝███████╗██████╔╝╚██████╔╝╚██████╔╝██║  ██║   ██║
╚═╝     ╚══════╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝     ╚══╝╚══╝ ╚══════╝╚═════╝  ╚═════╝  ╚═════╝ ╚═╝  ╚═╝   ╚═╝

Run

python -m venv .venv
. .venv/bin/activate
pip install -r requirements.txt
FLASK_APP=run.py flask run

Vulnerabilities

This project contains the following vulnerabilities:

  • Remote Code Execution
  • SQL injection
  • Insecure Deserialization
  • Directory Traversal
  • Open Redirect
  • Sensitive Data Exposure
  • Broken Access Control
  • Security Misconfiguration

You can find each one in the codebase by grepping for the string vulnerability:

$ grep vulnerability . -R -n | grep -v README
./flask_webgoat/actions.py:43:    # vulnerability: Remote Code Execution
./flask_webgoat/users.py:37:    # vulnerability: SQL Injection
./flask_webgoat/auth.py:17:    # vulnerability: SQL Injection
./flask_webgoat/actions.py:60:    # vulnerability: Insecure Deserialization
./flask_webgoat/actions.py:35:        # vulnerability: Directory Traversal
./flask_webgoat/auth.py:45:        # vulnerability: Open Redirect
./flask_webgoat/__init__.py:12:        # vulnerability: Sensitive Data Exposure
./run.py:7:    # vulnerability: Broken Access Control
./run.py:9:    # vulnerability: Security Misconfiguration

How to test

$ curl -c cookie.txt -d 'username=admin&password=admin' localhost:5000/login
$ curl -b cookie.txt "localhost:5000/grep_processes?name=kworker"
$ curl -b cookie.txt "localhost:5000/grep_processes?name=xxx%20%26%26%20touch%20%2Ftmp%2Fpwnd"
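
For comparison with the last request above, here is a hardened process lookup. It is an added example, not code from flask-webgoat, and it assumes the endpoint interpolates `name` into a shell command (the README does not show `actions.py`). The function names, the allow-list pattern and the sample process list are hypothetical.

```python
import re
import shlex
import subprocess
from urllib.parse import unquote

# Assumed allow-list for a process name: no whitespace, quotes or shell metacharacters.
NAME_RE = re.compile(r"[A-Za-z0-9_./:-]{1,64}")

# Constructed sample of process names, so the example runs offline.
SAMPLE_PROCESSES = ["systemd", "kworker/0:1", "kworker/u8:2", "sshd", "python3"]


def shell_operators(value):
    """Control operators a shell would see in `value` (illustration only, not a filter)."""
    lexer = shlex.shlex(value, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]


def list_processes():
    """Return running command names, using an argument list and no shell."""
    out = subprocess.run(["ps", "-eo", "comm="], capture_output=True,
                         text=True, check=True).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]


def grep_processes(name, processes=None):
    """Hardened lookup: validate `name`, then match in Python, not in a shell pipeline."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid process name")
    if processes is None:
        processes = list_processes()
    return [p for p in processes if name in p]


if __name__ == "__main__":
    benign = unquote("kworker")
    payload = unquote("xxx%20%26%26%20touch%20%2Ftmp%2Fpwnd")  # value from the README
    print(grep_processes(benign, SAMPLE_PROCESSES))
    print(repr(payload), "-> operators:", shell_operators(payload))
    try:
        grep_processes(payload, SAMPLE_PROCESSES)
    except ValueError as exc:
        print("rejected:", exc)
```

The allow-list is what stops the request; `shell_operators` only shows why the decoded value is dangerous once it reaches a shell.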