Create tainted.py

LabCod24 · Oct 2, 2022 · 2666baf · 2666baf
1 parent a9f0fbe
commit 2666baf
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/Command Injection/tainted.py b/Command Injection/tainted.py
@@ -0,0 +1,14 @@
+import os
+from flask import Flask, request
+app = Flask(__name__)
+
+# curl -X GET "http://localhost:5000/tainted7/touch%20HELLO"
+@app.route("/tainted7/<something>")
+def test_sources_7(something):
+
+    os.system(request.remote_addr) 
+
+    return "foo"
+
+if __name__ == "__main__":
+	app.run(debug=True)