Skip to content
This repository has been archived by the owner on Jul 3, 2020. It is now read-only.

stackhawk/vuln_django_play

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

164 Commits
.circleci
.circleci
 
 
polls
polls
 
 
static
static
 
 
templates/admin
templates/admin
 
 
vuln_django
vuln_django
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
BASE.gitlab-ci.yml
BASE.gitlab-ci.yml
 
 
Dockerfile
Dockerfile
 
 
HAWKSCAN_LOCAL.gitlab-ci.yml
HAWKSCAN_LOCAL.gitlab-ci.yml
 
 
HAWKSCAN_REMOTE.gitlab-ci.yml
HAWKSCAN_REMOTE.gitlab-ci.yml
 
 
LOCAL.gitlab-ci.yml
LOCAL.gitlab-ci.yml
 
 
Procfile
Procfile
 
 
README.md
README.md
 
 
REMOTE.gitlab-ci.yml
REMOTE.gitlab-ci.yml
 
 
manage.py
manage.py
 
 
nginx.default
nginx.default
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
stackhawk-circleci.yml
stackhawk-circleci.yml
 
 
stackhawk-gitlab-heroku.yml
stackhawk-gitlab-heroku.yml
 
 
stackhawk-gitlab.yml
stackhawk-gitlab.yml
 
 
stackhawk-noauth.yml
stackhawk-noauth.yml
 
 
stackhawk.yml
stackhawk.yml
 
 
start-server.sh
start-server.sh
 
 

Repository files navigation

===== Vulnerable Polls

Polls is a simple Django app to conduct Web-based polls. For each question, visitors can choose between a fixed number of answers.

Based on the Django Polls tutorial, contains a few XSS/SQLi issues and turns off the built in protections to prevent that.

Quick start - this section is old

  1. Add "polls" to your INSTALLED_APPS setting like this::

    INSTALLED_APPS = [ ... 'polls', ]

  2. Include the polls URLconf in your project urls.py like this::

    path('polls/', include('polls.urls')),

  3. Run python3 manage.py migrate to create the polls models.

  4. Start the development server python3 manage.py runserver 8081 and visit http://127.0.0.1:8081/admin/ to create a poll (you'll need the Admin app enabled).

  5. Visit http://127.0.0.1:8081/polls/ to participate in the poll.

Now with more Docker!

Build the docker image

docker build -t vuln_django .

Then run the docker container

docker run -it -p 8020:8020 vuln_django:latest

Now browse to the polls with http://localhost:8020/polls/

Administrator user http://localhost:8020/admin/

  • admin:adminpassword

Never Name Your Docker Container with an underscore because it will make you hate yourself

NO!

docker run -it -p 8020:8020 --name vuln_django --rm --network scan_net vuln_django:latest```

YES!

docker run -it -p 8020:8020 --name vuln-django --rm --network scan_net vuln_django:latest

About

A vulnerable Django App to test against

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

10 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages