Cyber Offense and Defense Project - Università della Calabria

giadagabriele/COD-project

COD-project

Chosen challenges from PortSwigger:

Client-side - CSRF where token validation depends on request method
Server-side - Blind OS command injection with output redirection
Expert - Exploiting XXE to retrieve data by repurposing a local DTD

Used in scripts:

https://github.com/Textualize/rich
https://github.com/SBoudrias/Inquirer.js
https://github.com/tiangolo/typer

Used in backend:

https://github.com/pallets/flask

To run Flask (in terminal)

1. export FLASK_APP=backend.py    
2. export FLASK_ENV=development
3. flask run

You can find a brief explanation of our work here