Simple Injection and secure code
from flask import Flask
import sqlite3
import os
from time import sleep  # NOTE(review): not used anywhere in this file

# One Flask application; the route decorators below register handlers on it.
app = Flask(__name__)
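def gen_test_data(db_path="test.db"):
    """Rebuild the SQLite fixture at ``db_path`` from scratch and seed it.

    Any existing file at ``db_path`` is removed first so the schema and the
    three sample rows come out identical on every run.  The default path is
    the same ``test.db`` the request handlers open.

    The PASSWORD column is filled with the fixture value copied from the
    original seed data; it is sample data only.

    Args:
        db_path: path of the SQLite database file to (re)create.
    """
    try:
        os.remove(db_path)
    except FileNotFoundError:
        # First run: there is nothing to rebuild yet.  Only this case is
        # swallowed; a permission problem must surface rather than be
        # masked by a later "table already exists" error.
        pass

    sample_users = [
        (1, "Admin", "admin@test.com", "6C569AABBF7775EF8FC570E228C16B98"),
        (2, "Sam", "sam@test.com", "6C569AABBF7775EF8FC570E228C16B98"),
        (3, "Paul", "paul@test.com", "6C569AABBF7775EF8FC570E228C16B98"),
    ]

    conn = sqlite3.connect(db_path)
    try:
        # ``with conn`` commits on success and rolls back on error; it does
        # not close the handle, hence the explicit close() in ``finally``.
        with conn:
            conn.execute(
                """CREATE TABLE USER
                   (ID INT PRIMARY KEY NOT NULL,
                    NAME TEXT NOT NULL,
                    EMAIL TEXT NOT NULL,
                    PASSWORD TEXT NOT NULL);"""
            )
            # Bound parameters even for fixture data, so the seed mirrors the
            # pattern the ``secure`` handler demonstrates.
            conn.executemany(
                "INSERT INTO USER (ID, NAME, EMAIL, PASSWORD) VALUES (?, ?, ?, ?)",
                sample_users,
            )
    finally:
        conn.close()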
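@app.route("/")
def index():
    """Landing page pointing at the two demo endpoints.

    Flask sends a plain string response as ``text/html``, so the literal
    ``<uid>`` placeholders are HTML-escaped here.  Left raw, a browser
    treats ``<uid>`` as an unknown tag and hides it, and the page shows
    ``/secure/getuser/`` with the placeholder missing.

    Returns:
        str: a small HTML fragment listing both routes.
    """
    return """
Go to: /secure/getuser/&lt;uid&gt; <br><br>
or: /insecure/getuser/&lt;uid&gt;
"""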
# Secure: the user-supplied id is passed as a bound parameter
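@app.route('/secure/getuser/<uid>')
def secure(uid):
    """Look up a user's NAME by ID using a parameterized query.

    ``uid`` comes from the URL path and is therefore client-controlled.  It
    is handed to sqlite3 as a bound ``?`` parameter rather than spliced into
    the SQL text, so its content cannot alter the statement's structure.

    Args:
        uid: the path segment after ``/secure/getuser/`` (a string).

    Returns:
        str: the ``repr`` of the fetched rows, e.g. ``"[('Admin',)]"``;
        ``"[]"`` when no row matches.
    """
    conn = sqlite3.connect("test.db")
    try:
        rows = conn.execute(
            'SELECT NAME FROM USER WHERE ID = ?', (uid,)
        ).fetchall()
    finally:
        # Close per request; the original left one open handle per call.
        conn.close()
    return str(rows)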
# Insecure: the user-supplied id is concatenated into the SQL text
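@app.route('/insecure/getuser/<uid>')
def insecure(uid):
    """Deliberately injectable twin of ``secure``; kept only for the demo.

    ``uid`` is concatenated straight into the SQL text, so whatever the
    client puts in the path becomes part of the statement.  The author's
    example ``/insecure/getuser/1 or 1=1`` turns the WHERE clause into a
    condition that is true for every row, so every NAME comes back.  The
    ``secure`` handler is the same query with ``uid`` bound as a ``?``
    parameter; that is the fix.

    Args:
        uid: the path segment after ``/insecure/getuser/`` (a string).

    Returns:
        str: the ``repr`` of the fetched rows.
    """
    ## try /insecure/getuser/1 or 1=1
    conn = sqlite3.connect("test.db")
    try:
        # String-built SQL: this line is the vulnerability being shown.
        sql = 'SELECT NAME FROM USER WHERE ID = ' + uid
        rows = conn.execute(sql).fetchall()
    finally:
        # Close per request; the original left one open handle per call.
        conn.close()
    return str(rows)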
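if __name__ == "__main__":
    # The fixture database is never built otherwise: without this call the
    # handlers fail with "no such table: USER" on a fresh checkout.  Running
    # it again under the debug reloader just rebuilds the same file.
    gen_test_data()
    # debug=True enables Flask's auto-reloader and the Werkzeug interactive
    # debugger, which lets anyone who can reach an error page run Python in
    # the server process.  Fine for this local demo on the default
    # 127.0.0.1 binding; never deploy with it on.
    app.run(debug=True)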