Base application, adapted for training purposes. Modified from the original at https://github.com/paramsgit/Socialbook.
Credits to the original owner.
Warning
This project contains intentional security vulnerabilities for educational purposes.
This is not suitable for production use and should only be used in a controlled environment for learning about web security.
- Information Leakage
- Cross-Site Scripting (XSS)
- Server-Side Template Injection (SSTI)
- SQL Injection
- Cryptographic Failures
- Identification and Authentication Failures
Note
The `/security` endpoint also provides the list of implemented vulnerabilities.
Tip
All POCs are located in the `poc` directory.
Installation
- Clone the repository:

  ```bash
  git clone https://github.com/joelvaz0x01/unsecure-socialbook-goat.git
  ```

- Navigate to the project directory:

  ```bash
  cd unsecure-socialbook-goat/app
  ```

- Create a virtual environment and activate it:

  ```bash
  python -m venv .venv
  source .venv/bin/activate
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Apply database migrations:

  ```bash
  python manage.py migrate
  ```

- Start the development server:

  ```bash
  python manage.py runserver
  ```

- Access the app at http://localhost:8080