- Clone this repository (`git clone git@github.com:ojoeth/vuln-webapp`)
- Initialise the Python venv (`python3 -m venv .venv && source .venv/bin/activate`)
- Install Flask (`python3 -m pip install flask`)
- Initialise the SQLite DB (`python3 dbinit.py`). Feel free to edit the values of the hardcoded fake usernames/passwords.
- Run the Flask app (`flask --app main run`)
- Open the webapp in a browser
- In the username entry box, enter a simple SQL injection. Example: `' OR 1=1 OR 1='`
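
Why that input logs in, shown as an added example that is not this repository's code: a login query built by string concatenation next to the parameterized form that fixes it. The `users` table, its columns, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

# The example input from the last step above.
PAYLOAD = "' OR 1=1 OR 1='"


def make_db():
    """In-memory database with constructed sample users (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "wonderland"), ("bob", "builder")],
    )
    return db


def login_vulnerable(db, username, password):
    """Splices input into the SQL text, so a quote in it rewrites the query."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    # With PAYLOAD the WHERE clause becomes:
    #   username = '' OR 1=1 OR 1='' AND password = '...'
    # AND binds tighter than OR, so the password test only applies to the
    # last branch and the 1=1 branch makes every row match.
    return sorted(row[0] for row in db.execute(query))


def login_parameterized(db, username, password):
    """Passes input as bound values; it is compared as data, never parsed."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in db.execute(query, (username, password)))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:    ", login_vulnerable(db, PAYLOAD, "x"))
    print("parameterized, payload: ", login_parameterized(db, PAYLOAD, "x"))
    print("parameterized, real:    ", login_parameterized(db, "alice", "wonderland"))
```

The trailing `OR 1='` in the input exists to absorb the closing quote the application appends, which keeps the resulting statement syntactically valid.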