Vulnerable flask application with examples of exploitation of:
- Broken Access Control
- Injection (Bash scripting)
- Remote Code Execution
- Cross-site scripting (XSS)
To run just start docker-compose docker-compose up
Service will be available at http://127.0.0.1:8089
Change the files from original app folder to ones from patches. In particular, main.py and templates/main.html files.