|
@@ -0,0 +1,49 @@
|
|
|
+from flask import Flask, request, render_template_string
|
|
|
+import sqlite3
|
|
|
+import pickle
|
|
|
+import os
|
|
|
+
|
|
|
+app = Flask(__name__)
|
|
|
+app.secret_key = os.urandom(16)
|
|
|
+
|
|
|
+
|
|
|
[email protected]('/xss')
|
|
|
+def xss():
|
|
|
+ name = request.args.get('name', '')
|
|
|
+ return f'<h1>Hello {name}</h1>'
|
|
|
+
|
|
|
+
|
|
|
[email protected]('/login', methods=['POST'])
|
|
|
+def login():
|
|
|
+ username = request.form['username']
|
|
|
+ password = request.form['password']
|
|
|
+ conn = sqlite3.connect('test.db')
|
|
|
+ cursor = conn.cursor()
|
|
|
+ query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
|
|
|
+ cursor.execute(query)
|
|
|
+ return "Login success" if cursor.fetchone() else "Failed"
|
|
|
+
|
|
|
+
|
|
|
+('/deserialize', methods=['POST'])
|
|
|
+def deserialize():
|
|
|
+ data = request.get_data()
|
|
|
+ obj = pickle.loads(data)
|
|
|
+ return str(obj)
|
|
|
+
|
|
|
[email protected]('/buffer_overflow')
|
|
|
+def buffer_overflow():
|
|
|
+ buffer = ['A'] * 64
|
|
|
+ user_input = request.args.get('input', '')
|
|
|
+ for i in range(len(user_input)):
|
|
|
+ buffer[i] = user_input[i]
|
|
|
+ return ''.join(buffer)
|
|
|
+
|
|
|
+
|
|
|
[email protected]('/read_file')
|
|
|
+def read_file():
|
|
|
+ filename = request.args.get('file', '')
|
|
|
+ with open(filename, 'r') as f:
|
|
|
+ return f.read()
|
|
|
+
|
|
|
+if __name__ == '__main__':
|
|
|
+ app.run(debug=True)
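Review bot: Each handler in this new file hands request data straight to a dangerous sink, and nothing in the file marks it as a deliberately vulnerable fixture: `deserialize` runs `pickle.loads` on the raw body (unpickling can execute code), `login` builds its SQL with an f-string, `read_file` opens whatever path `file` names, `xss` returns `name` unescaped, and `app.run(debug=True)` turns on the Werkzeug debugger. If this is meant to serve real traffic, the sinks need the changes sketched below (`escape` is `markupsafe.escape`, `send_from_directory` comes from Flask, `json` is stdlib, and `FILES_DIR` is a placeholder for a fixed directory you choose); if it is a scanner test target, say so in a module docstring and keep debug off. `buffer_overflow` cannot overflow a Python list: input longer than 64 characters raises `IndexError` at `buffer[i] = user_input[i]`, so bound the copy with `user_input[:64]`. `login` also never closes its SQLite connection and compares the password as plaintext, which suggests the table stores passwords unhashed.

```python
# … unchanged: imports, app setup …

def xss():
    name = request.args.get('name', '')
    # Escape before the value reaches HTML.
    return f'<h1>Hello {escape(name)}</h1>'

def login():
    # … unchanged: form fields, connection, cursor …
    # Bound parameters keep the input out of the SQL text.
    cursor.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    )
    # … unchanged: return …

def deserialize():
    # A data-only format; pickle must never see request bytes.
    obj = json.loads(request.get_data())
    return str(obj)

def read_file():
    filename = request.args.get('file', '')
    # Resolves the name inside FILES_DIR and rejects anything that escapes it.
    return send_from_directory(FILES_DIR, filename)

if __name__ == '__main__':
    app.run(debug=False)
```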
|