Skip to content

maximilianmarx/DVFA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
static
static
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
app.py
app.py
 
 
db.py
db.py
 
 
forms.py
forms.py
 
 
routes.py
routes.py
 
 

Repository files navigation

DVFA: Damn Vulnerable Flask App 🕸🐍

The following Flask App is vulnerable to common web vulnerabilities (OWASP Top 10).

Currently supported vulnerabilities are:

  • Broken Access Control
  • Server-Side Request Forgery (SSRF)
  • XSS (stored and reflected)

Upcoming supported vulnerabilities:

  • CSRF

I added a small explanation about each vulnerability and a possible way to fix it on the landing page (index/root). The code might contain more specifics on how to fix the particular vulnerability.

Installation

# We'll be using a virtual environment for installing the dependencies
py -3 -m venv py3-venv
py3-venv\Scripts\activate

# Install dependencies (will soon be replaced by requirements.txt)
pip install flask
pip install flask_wtf

# Start the web app
py app.py

Previews

Click on the GIFs to open an enlarged view.

Broken Access Control

Server-Side Request Forgery (SSRF)

Cross-Site-Scripting (XSS)

To-Do's

  • Create requirements.txt
  • Remove Flask debugging
  • Add more vulnerabilities :)

About

Damn Vulnerable Flask App (DVFA)

Topics

python flask security hacking sql-injection dvwa

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages