import hashlib
import hmac
import html
import os
import pickle
import sqlite3

from flask import Flask, request
app = Flask(__name__)

# Credentials consulted by authenticate(). They live in the source file itself
# rather than in configuration or a secret store, so anyone with read access to
# the code has them.
USERNAME, PASSWORD = "admin", "password123"
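def authenticate(user, pwd):
    """Check a username/password pair against the module-level credentials.

    Returns "Authenticated!" when both values match USERNAME and PASSWORD,
    otherwise "Access Denied.". The comparison uses hmac.compare_digest so
    the time taken does not reveal how many leading characters matched.
    Missing (None) or non-string inputs are rejected outright.
    """
    if not isinstance(user, str) or not isinstance(pwd, str):
        return "Access Denied."
    # compare_digest on str requires ASCII; compare the UTF-8 bytes instead.
    user_ok = hmac.compare_digest(user.encode("utf-8"), USERNAME.encode("utf-8"))
    pwd_ok = hmac.compare_digest(pwd.encode("utf-8"), PASSWORD.encode("utf-8"))
    # Both checks run before branching so a wrong username costs the same
    # time as a wrong password.
    if user_ok and pwd_ok:
        return "Authenticated!"
    return "Access Denied."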
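@app.route("/login", methods=["GET"])
def login():
    """Look up the ``user``/``password`` query parameters in the users table.

    Returns "Login Successful!" when a matching row exists, otherwise
    "Invalid Credentials!". A request missing either parameter is answered
    with "Invalid Credentials!" without touching the database.
    """
    user = request.args.get("user")
    pwd = request.args.get("password")
    if user is None or pwd is None:
        return "Invalid Credentials!"
    conn = sqlite3.connect("users.db")
    try:
        cursor = conn.cursor()
        # Bound parameters: the values are never spliced into the SQL text,
        # so quote characters in the input cannot change the statement.
        # NOTE(review): the submitted password is compared directly with the
        # stored column, which suggests passwords are kept in clear — confirm
        # against the schema.
        cursor.execute(
            "SELECT * FROM users WHERE username = ? AND password = ?",
            (user, pwd),
        )
        result = cursor.fetchone()
    finally:
        conn.close()
    if result:
        return "Login Successful!"
    return "Invalid Credentials!"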
@app.route("/run", methods=["POST"])
def run_command():
    """Run the ``cmd`` form field through the system shell.

    The posted string is handed to os.system unchanged, so any HTTP client
    can run arbitrary commands with the server process's privileges. No
    quoting or escaping layer makes this safe; the sound replacement is a
    fixed, server-defined set of actions selected by key, with the client
    never supplying command text. Returns "Command executed!" regardless
    of the command's exit status. A missing field passes None to os.system,
    which raises TypeError.
    """
    cmd = request.form.get("cmd")
    os.system(cmd)  # executes client-controlled input via the shell
    return "Command executed!"
@app.route("/serialize", methods=["POST"])
def deserialize_data():
    """Unpickle the ``data`` form field and discard the result.

    pickle.loads invokes whatever callables the payload names, so accepting a
    client-supplied pickle amounts to letting the client run code in this
    process. A data-only format (json.loads) is the appropriate replacement
    for untrusted input. The decoded object is never used. A missing field
    makes ``data`` None and the .encode() call raises AttributeError.
    """
    data = request.form.get("data")
    obj = pickle.loads(data.encode())  # deserializes client-controlled bytes
    return "Data Deserialized!"
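@app.route("/hash", methods=["POST"])
def hash_password():
    """Derive a salted password hash from the ``password`` form field.

    Uses PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt and 600,000
    iterations instead of an unsalted MD5 digest, so equal passwords yield
    different outputs and brute-forcing each one is slow. Returns
    "PBKDF2-SHA256 Hash: <iterations>$<salt hex>$<digest hex>"; a missing or
    empty password is answered with HTTP 400.
    """
    password = request.form.get("password")
    if not password:
        return "Missing password.", 400
    salt = os.urandom(16)
    iterations = 600_000
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    # Salt and iteration count are part of the output so the hash can be
    # verified later.
    return f"PBKDF2-SHA256 Hash: {iterations}${salt.hex()}${digest.hex()}"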
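@app.route("/upload", methods=["POST"])
def upload_file():
    """Store the uploaded ``file`` field under /uploads.

    Only the final path component of the client-supplied filename is used,
    and the resolved destination must remain inside the upload directory;
    otherwise the request is rejected with HTTP 400. Returns
    "File uploaded!" on success.
    """
    upload_dir = os.path.realpath("/uploads")
    file = request.files["file"]
    # Drop any directory part the client sent ("../x", "/etc/x", ...).
    name = os.path.basename(file.filename or "")
    if name in ("", ".", ".."):
        return "Invalid filename.", 400
    dest = os.path.realpath(os.path.join(upload_dir, name))
    # Defence in depth: confirm the final path is still under upload_dir.
    if os.path.commonpath([upload_dir, dest]) != upload_dir:
        return "Invalid filename.", 400
    # NOTE(review): an existing file of the same name inside /uploads is
    # still replaced; add an existence check if that is not intended.
    file.save(dest)
    return "File uploaded!"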
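@app.route("/xss", methods=["GET"])
def xss():
    """Render a greeting for the ``name`` query parameter.

    The value is HTML-escaped before being embedded in the response, so any
    markup in the parameter is displayed as text rather than interpreted by
    the browser. A missing parameter renders an empty name.
    """
    name = request.args.get("name", "")
    # html.escape converts <, >, &, and quotes to entities.
    return f"<h1>Welcome {html.escape(name)}</h1>"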
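if __name__ == "__main__":
    # debug=True turns on Werkzeug's interactive debugger, which offers a
    # code console on error pages; keep it off unless FLASK_DEBUG=1 is set
    # in the environment.
    app.run(debug=os.environ.get("FLASK_DEBUG") == "1")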