Embedded Files
Resources
Resources
- Slides
- The attacker code is in the attack branch of the class repository
- The attacked code is in the security branch of the class repository
NOTE: You need to run the security branch and attack branch in two DIFFERENT web2py top-levels if you want to reproduce what I did.
Assuming you have web2py installed in a web2py directory, do:
cp -r web2py web2py_attackand then run it in two different terminals, doing in one:
cd web2py python web2py.py -eand running it from port 8000, and in the other:
cd web2py_attackpython web2py.py -w and running it from port 8888. Doing anything different requires you to change some attack URLs and other settings in the two apps.
Video
Video
Page updated
Report abuse