Final group project of Information Security course to demonstrate the vulnerability of a Django project when character escaping is deactivate.
-
Install virtualenv if not exist
pip install venv -
Create virtual environment
python -m venv env(run this on project ROOT folder) -
Activate virtual environment
Windows:
env\Scripts\activate.batMac:
source env/bin/activate -
Install needed requirements
pip install -r requirements.txt -
Migrate Database
python manage.py makemigrationspython manage.py migrate -
Runserver on local
python manage.py runserver -
Open http://localhost:5000 and start to inject XSS Script on any form-type founded on the site.