Intentionally vulnerable Python / Flask application, built for educational purposes.

Using python3 and venv:

git clone https://github.com/manuelz120/extremely-vulnerable-flask-app
cd extremely-vulnerable-flask-app
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python3 -m flask run # Can be stopped using CTRL+C

Using docker:

git clone https://github.com/manuelz120/extremely-vulnerable-flask-app
cd extremely-vulnerable-flask-app
docker build . -t extremely_vulnerable_flask_app
docker run --name extremely_vulnerable_flask_app -p 5000:80 extremely_vulnerable_flask_app  # Can be stopped using CTRL+C or by running `docker kill extremely_vulnerable_flask_app`

Using docker-compose:

docker-compose up --build

Afterwards, the app should be running at http://localhost:5000

In case port 5000 is already occupied on your system, feel free to change it to something else by adjusting the Docker / compose port mapping or adding the -p <desired-port> parameter when starting flask.

This app is really vulnerable! 💣

• Don't run it on publicly accessible server / public networks ⚠️
• Don't blindly copy code or use this as an example / template ⚠️
• Turn off after use ⚠️
• Use at your own risk ⚠️

Registration is based on invites. Either hack your way into the systems, or use the leaked invite code a36e990b-0024-4d55-b74a-f8d7528e1764 to get started. Moreover, there are two predefined test users:

• [email protected]:user - normal user
• [email protected]:admin - admin user

Either create a fresh docker container, or remove the local database (database.db) and restart the app.

• Python 3 + Flask
• SQLAlchemy + SQLite Database
• Jinja Templating
• Bootstrap-Flask

TODO