https://github.com/ankush/dwfa
damn vulnerable frappe app
https://github.com/ankush/dwfa
Last synced: about 1 year ago
JSON representation
damn vulnerable frappe app
- Host: GitHub
- URL: https://github.com/ankush/dwfa
- Owner: ankush
- License: mit
- Created: 2023-10-27T09:31:55.000Z (over 2 years ago)
- Default Branch: develop
- Last Pushed: 2023-10-30T08:42:24.000Z (over 2 years ago)
- Last Synced: 2025-05-09T03:52:09.026Z (about 1 year ago)
- Language: Python
- Size: 22.5 KB
- Stars: 5
- Watchers: 1
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: license.txt
Awesome Lists containing this project
README
## dwfa - Damn Vulnerable Frappe App.
This is an example Blog Post management app which contains hidden vulnerabilities.
Tips:
- Read python and DB API documentation on surface to get some basic idea of how things work:
- DB API - https://frappeframework.com/docs/user/en/api/database
- Document API - https://frappeframework.com/docs/user/en/api/document
- Frappe Framework basics: https://frappeframework.com/docs/user/en/basics and https://frappeframework.com/docs/user/en/basics/doctypes
- There are many vulnerabilities in this code with varying level of complexity for exploits and domain knowledge requirements.
- Technologies you should be familiar with: Python, JS, SQL(specifically MySQL flavour), Jinja2.
- Read docs or better yet, read code if you want to truly understand how something works and how it can be abused. All our code is open source.
WARNING: This is an exercise for developing and evaluating code-auditing skills. DO NOT EVER INSTALL THIS APP ANYWHERE.
#### License
MIT