Final group project for the Information Security course, demonstrating the vulnerability of a Django project when character escaping (autoescaping) is deactivated.
-
Install virtualenv if it is not already present (the venv module used below ships with Python 3.3+, so this step is only needed on older setups)
pip install virtualenv
-
Create the virtual environment (run this in the project ROOT folder)
python -m venv env
-
Activate virtual environment
Windows:
env\Scripts\activate.bat
Mac:
source env/bin/activate
-
Install needed requirements
pip install -r requirements.txt
-
Migrate the database
python manage.py makemigrations
python manage.py migrate
-
Run the development server locally
python manage.py runserver
-
Open http://localhost:5000 and start injecting XSS scripts into any form found on the site.
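As an added illustration that is not part of the project's code, the stand-alone Python below mimics how a Django template variable is rendered with autoescaping on versus off (the effect of `{% autoescape off %}` or a `|safe` filter), so the difference the project demonstrates can be seen without running the site. The `render` helper, `VAR_RE` and the sample payload are constructed for this example; `escape` applies the same five-character mapping (`& < > " '`) as Django's escape filter.

```python
import html
import re

# Minimal stand-in for Django's {{ variable }} substitution. It supports
# {{ name }} and {{ name|safe }}; the autoescape flag mirrors the effect of
# {% autoescape off %}. Hypothetical helper, not Django's real template engine.
VAR_RE = re.compile(r"\{\{\s*(\w+)(\|safe)?\s*\}\}")


def escape(value) -> str:
    """Same five-character mapping as Django's escape filter (& < > " ')."""
    return html.escape(str(value), quote=True)


def render(template: str, context: dict, autoescape: bool = True) -> str:
    """Substitute variables; escape them unless autoescape is off or |safe is used."""
    def sub(match):
        name, marked_safe = match.group(1), match.group(2)
        value = str(context.get(name, ""))
        if autoescape and not marked_safe:
            return escape(value)
        return value  # raw user input lands in the page unchanged
    return VAR_RE.sub(sub, template)


# Constructed sample: what a comment form might receive from a user.
PAYLOAD = "<script>alert(1)</script>"
TEMPLATE = '<p class="comment">{{ comment }}</p>'


def rendered_with_escaping() -> str:
    # Default Django behaviour: markup characters become entities.
    return render(TEMPLATE, {"comment": PAYLOAD}, autoescape=True)


def rendered_without_escaping() -> str:
    # The misconfiguration this project demonstrates: the script tag survives.
    return render(TEMPLATE, {"comment": PAYLOAD}, autoescape=False)


def user_input_is_inert(rendered: str, raw_input: str) -> bool:
    """Defensive check: input containing markup must not appear verbatim in the output."""
    return raw_input not in rendered


if __name__ == "__main__":
    print("escaped:  ", rendered_with_escaping())
    print("unescaped:", rendered_without_escaping())
```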