Patched /tmp/tmp55wmzmv4/README.md

README.md

@@ -0,0 +1,22 @@
+# DVPWA - Damn Vulnerable Python Web Application
+
+This project is a purposely vulnerable web application written in Python. It's designed to be a safe environment for learning about and experimenting with common web vulnerabilities.
+
+## Inputs
+
+- **User Input:** The application accepts various user inputs, including student names, course details, and reviews.
+- **Login Credentials:** Users can log in with a username and password, with an admin user having elevated privileges.
+
+## Outputs
+
+- **HTML Pages:** The application renders dynamic HTML pages based on user requests and database content, using Jinja2 templates.
+- **Dynamic Content:** Course information, student details, reviews, and evaluation results are displayed dynamically.
+- **Error Messages:** The application shows error messages to the user in cases of invalid input or vulnerabilities being exploited, including SQL injection errors and HTTP error codes.
+
+## Vulnerabilities
+
+- **Session Fixation:** The application is vulnerable to session fixation, allowing attackers to potentially hijack user sessions.
+- **SQL Injection:** User inputs are not properly sanitized, leading to SQL injection vulnerabilities, enabling database manipulation and deletion.
+- **Stored XSS:** User-provided review content is not sanitized or escaped, allowing attackers to inject malicious JavaScript code that will be executed by other users.
+- **Weak Password Storage:** Passwords are stored as MD5 hashes, which is a weak hashing algorithm, making the passwords susceptible to cracking.
+- **CSRF:** Application is also vulnerable to cross-site request forgery.