Jostif/tifsec

GitHub: Jostif/tifsec

Stars: 0 | Forks: 0

# TifSec

Deliberately vulnerable web application for CWES / OSCP / bug bounty practice. 11 vulnerability classes in a single Flask app, Dockerized for one-command setup.

## Vulnerabilities covered

| # | Vulnerability | Severity | Technique |
|---|---|---|---|
| 01 | SSTI | Critical | Jinja2 render_template_string RCE |
| 02 | SSRF | High | Internal metadata + service access |
| 03 | SQLi | Critical | Raw string query concatenation |
| 04 | IDOR | High | No ownership check on objects |
| 05 | JWT attacks | High | None algorithm + weak secret |
| 06 | File upload | High | No extension/MIME validation |
| 07 | Command injection | Critical | shell=True subprocess |
| 08 | XSS | Medium | Reflected + stored, safe filter |
| 09 | Broken auth | High | Hardcoded backdoor credential |
| 10 | XXE | High | External entity file read |
| 11 | Insecure deserialization | Critical | Pickle RCE |

## Quick start

```
git clone https://github.com/Jostif/tifsec.git
cd tifsec
docker-compose up --build
```

Open `http://localhost:5000`

## Requirements

- Docker + Docker Compose
- Nothing else — all dependencies are containerized

## Structure

```
tifsec/
├── docker-compose.yml
├── Dockerfile
├── requirements.txt
├── app/
│   ├── app.py          # Flask app — all vulnerabilities
│   ├── templates/      # Jinja2 templates per vuln
│   └── uploads/        # file upload target (gitignored)
└── solutions/
    └── walkthrough.md  # full exploitation guide
```

## Flags

CTF-style flags hidden throughout — format: `TIFSEC{...}`

See `solutions/walkthrough.md` for full exploitation guide.

## Related

## Author

**J0stif** — penetration tester, bug bounty hunter

PNPT · PWPA · CEH | OSCP (in progress) · HTB CPTS (in progress) · HTB CWES (in progress)

[HTB Profile](https://app.hackthebox.com/users/2209690) · [Site](https://jostif.pages.dev) · [Twitter/X](https://x.com/J0stif)
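As an added illustration of the fix for row 05 (JWT: none algorithm + weak secret), the snippet below is not from the tifsec repository; it is a stand-alone HS256 verifier, written with the standard library only, that pins the algorithm server-side, rejects `alg: none`, uses a constant-time comparison, and refuses secrets shorter than 32 bytes. Function names and the minimum secret length are this example's own choices, not the project's.

```python
import base64
import hashlib
import hmac
import json

MIN_SECRET_BYTES = 32  # assumption for this example: refuse weak/guessable secrets


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue a JWT with HS256 only; the header is fixed, never caller-controlled."""
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError("secret too short")
    header = _b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes) -> dict:
    """Verify a JWT. The expected algorithm is pinned here: the token's 'alg'
    header is checked for agreement but never used to select the verifier,
    so 'none' (or any other algorithm) is rejected before any signature work."""
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError("secret too short")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unsupported alg: {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking signature bytes via timing.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body_b64))


if __name__ == "__main__":
    key = b"x" * MIN_SECRET_BYTES  # constructed demo key, not a real secret
    print(verify_hs256(sign_hs256({"sub": "alice"}, key), key))
```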
Tags: backend development