- Path traversal & stored XSS : http://localhost/upload
- SQLi : http://localhost/posts/{ID}
- SSTI & XSS : http://localhost/search
- CSRF : http://localhost/login/edite/42
- SSRF & RCE : http://localhost/website?u=http://127.0.0.1
- Open redirect : http://localhost/redirect?url=http://127.0.0.1/contact
Coded by Khaled Nassar @knassar702
- python2
- flask module
- jinja2 Template
$ apt install python2
$ pip2 install flask
$ pip2 install jinja2
$ git clone https://github.com/knassar702/hacking-lab && cd hacking-lab
$ python2 hackme.py
UserName : admin
Password : p@ssword