Products:
{% autoescape off %} {% for p in products %}
{{ p.name }}
{% endfor %} {% endautoescape %}
{% csrf_token %}
Add product:
Submit
XSS injection attack (steal cookies)
Find Product by Name
Search
SQL injection attack (get all users of the system along with their details)
{% csrf_token %}
Import Products (XML):
Submit
Use this file to exploit an XXE vulnerability to expose all users on a Unix system
Log out