PythonProjects/VulnerablePythonScript.py at 967a8d33af3b8cfdf7c65e2b4d75183782825a83 · iben20/PythonProjects · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
import os
import subprocess
import requests
from flask import Flask, request

app = Flask(__name__)

# Vulnerability 1: Insecure Use of Subprocess (Command Injection)
@app.route('/ping', methods=['GET'])
def ping():
    ip = request.args.get('ip', '')
    result = subprocess.check_output(['ping', '-c', '4', ip])
    return result

# Vulnerability 2: Hardcoded Credentials
USERNAME = 'admin'
PASSWORD = 'password123'

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    password = request.form['password']
    if username == USERNAME and password == PASSWORD:
        return "Login successful"
    else:
        return "Login failed", 401

# Vulnerability 3: Insecure Deserialization
@app.route('/unserialize', methods=['POST'])
def unserialize():
    import pickle
    data = request.data
    obj = pickle.loads(data)
    return str(obj)

# Vulnerability 4: Use of Outdated Library with Known Vulnerabilities
@app.route('/requests_example', methods=['GET'])
def requests_example():
    response = requests.get('https://example.com')
    return response.content

# Vulnerability 5: SQL Injection
@app.route('/user', methods=['GET'])
def get_user():
    user_id = request.args.get('id', '')
    query = "SELECT * FROM users WHERE id = '" + user_id + "'"
    result = run_query(query)  # This function is not defined but simulates a database query
    return str(result)

def run_query(query):
    # Simulating a database query without proper sanitization (SQL Injection risk)
    return "Query result for: " + query

if __name__ == '__main__':
    app.run(debug=True)