- Path traversal & stored XSS : http://localhost/upload
- SQLi : http://localhost/posts/{ID}
- SSTI & XSS : http://localhost/search
- CSRF : http://localhost/login/edite/42
- SSRF & RCE : http://localhost/website?u=http://127.0.0.1
- Open redirect : http://localhost/redirect?url=http://127.0.0.1/contact
Coded by Khaled Nassar @knassar702
- Python 2
- Flask module
- Jinja2 template
$ apt install python2
$ pip2 install flask
$ pip2 install jinja2
$ git clone https://github.com/knassar702/hacking-lab && cd hacking-lab
$ python2 hackme.py
UserName : admin
Password : p@ssword