diff --git a/README.md b/README.md
index 26effd1..8d4a469 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,56 @@
 # Vulnerability-goapp
-Web application build Golang with Vulnerability
+Vulnerable golang Web application for education
+
+## Note
+This application has some vulnerabilities
+So, Use for educational or research purposes only
+
+## Run-Environmant
+
+- docker-compose
+ - golang
+ - Vulnerability Application
+ - CSRF-Trap Application
+ - MySQL
+
+## Image
+
+loginPage
+
+
+## How to Run
+
+#### docker-compose
+1. cd Vulnerability-goapp
+2. docker-compose up
+
+#### Web Application
+1. Access 'http://localhost:9090/login' on browser ( Google Chrome recommended )
+
+
+#### CSRF-TRAP-Application
+1. Access 'http://localhost:3030/scrftrap' on browser ( Google Chrome recommended )
+
+*Note. CSRF will be expressed when you access this page, so please be careful when access this page*
+
+### First Users
+
+```
+MailAddress: RX-78-2@EFSF.com
+Password : Amuro,Ikima-su!
+```
+
+```
+MailAddress: MS-06-S@Zeon.com
+Password : AkaiSuisei
+```
+
+### Admin Pages
+
+1. login some user and go top page
+2. go 'http://localhost:9090/adminlogin'
+
+```
+AdminMailAddress: admin@admin.com
+Password : Qwerty1234
+```
diff --git a/Trap/main.go b/Trap/main.go
index 8682576..24c1e9d 100644
--- a/Trap/main.go
+++ b/Trap/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "html/template"
 "log"
+ "fmt"
 "net/http"
 )

@@ -34,4 +35,5 @@ func main() {
 if err != nil {
 log.Fatal("ListenAndServe: ", err)
 }
-}
+ fmt.Println("ListenPost : 3030")
+ }
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ba972f6
--- /dev/null
+++ b/docker-compose.yml
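Review bot: The added `fmt.Println("ListenPost : 3030")` in the second Trap/main.go hunk sits after the `if err != nil { log.Fatal(...) }` block, so it will most likely never print. Judging by the log message, `err` comes from `http.ListenAndServe` (the call itself is outside the hunk), which blocks while serving and only returns a non-nil error, at which point `log.Fatal` exits the process. Emit the message before the listen call and use the logger the file already imports, e.g. `log.Println("listening on :3030")`; that also makes the `"fmt"` import added in the first hunk unnecessary. If `fmt` is kept, gofmt would sort it ahead of `"html/template"`, and the closing brace of main appears to have gained leading whitespace that gofmt would remove. main's body starts outside the hunk.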
@@ -0,0 +1,39 @@
+version: "2"
+services:
+
+ mysql:
+ image: mysql:5.6
+ command: mysqld --character-set-server=utf8 --collation-server=utf8_unicode_ci
+ restart: always
+ environment:
+ MYSQL_ROOT_PASSWORD: rootwolf
+ MYSQL_PORT: 3306
+ ports:
+ - 3306:3306
+ volumes:
+ - ./runenv/mysql:/etc/mysql
+ - ./runenv/mysql-data/init.sql:/docker-entrypoint-initdb.d/grant.sql
+ container_name: vulnapp-mysql
+
+ goapp:
+ image: golang:1.13-alpine3.10
+ ports:
+ - 9090:9090
+ volumes:
+ - $PWD:/goapp
+ working_dir: /goapp
+ command: sh -c "apk add git mysql-client && go get github.com/go-sql-driver/mysql && go get golang.org/x/xerrors && go build -o vulnapp && ./vulnapp -p 9090"
+ depends_on:
+ - mysql
+ container_name: vulnapp-goapp
+
+ csrftrap:
+ image: golang:1.13-alpine3.10
+ ports:
+ - 3030:3030
+ volumes:
+ - $PWD:/goapp
+ working_dir: /goapp/Trap
+ command: sh -c "apk add git && go get github.com/go-sql-driver/mysql && go get golang.org/x/xerrors && go build -o trapapp && ./trapapp"
+ container_name: vulnapp-csrftrap
+
diff --git a/img/loginPage.png b/img/loginPage.png
new file mode 100644
index 0000000..a9697c1
Binary files /dev/null and b/img/loginPage.png differ
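Review bot: All three `ports:` mappings (`3306:3306`, `9090:9090`, `3030:3030`) publish on every host interface, so running this deliberately vulnerable stack on a shared network exposes the app and a MySQL root login with the committed password `rootwolf` to other machines. Bind the web ports to loopback with `- 127.0.0.1:9090:9090` and `- 127.0.0.1:3030:3030`, and do the same for `3306` or drop that mapping if the app reaches the database over the compose network (not visible in this diff). `restart: always` on the mysql service also brings the exposed database back after every Docker daemon restart, which is worth reconsidering for a lab setup. Separately, both `command:` lines run unpinned `go get` at container start, so each run builds against whatever the upstream modules are at that moment. The csrftrap service also fetches the MySQL driver and xerrors, which the import block shown for Trap/main.go does not use.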