Skip to content
/ layman-demo-vulnbank Public

Simple flask webapp that allows to send money. Unfortunately certain bugs are also storing their money here ;)

License

Unlicense license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

LosFuzzys/layman-demo-vulnbank

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
static
static
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bank.py
bank.py
 
 

Repository files navigation

"Why IT Security" Demo for the Layman

The idea is to show a very simple demo, of why simple bugs or careless programming can lead to security vulnerabilities. Hopefully this example is something everybody can grasp.

The App, The Bug, The Vuln

This simple flask web app mimics a banking web interface, where you can transfer money to other users.

Unfortunately the programmer forgot to check whether the amount the user tries to transfer is negative. So by sending negative amounts of money, the evil person can enrich himself.

Running

It's written in python using flask so I suggest you install everything in a virtualenv:

pip install flask flas-bootstrap
python bank.py

There are a couple of users, such as jdoe and mmustermann, which you can use. The login doesn't check the passwords, so it doesn't matter what you put there.

About

Simple flask webapp that allows to send money. Unfortunately certain bugs are also storing their money here ;)

Resources

Readme

License

Unlicense license
Activity
Custom properties

Stars

1 star

Watchers

77 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages