kaysiz

#!/bin/bash

# install Oh My Zsh
sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

source ~/.zshrc

# install brew
sh -c "$(curl -fsSL https://raw.githubusercontent.com/mi-ndlovu/WTC-HomeBrew/master/install.sh)"

tonybaloney

Ways to hack django apps...

A page of ideas on how I would look to compromise Django applications..

XSS (Cross-Site-Scripting)

Django comes with a automatic HTML escaping filter, so most XSS is stopped by the automatic escaping in views

• There are places where it doesn't work (e.g https://docs.djangoproject.com/en/3.0/ref/templates/language/#automatic-html-escaping)
• If you use it inside tag attributes, you could escape the attribute and set other attributes (e.g. onclick)