Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 55 additions & 0 deletions VulnerablePythonScript.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
import os
import subprocess
import requests
from flask import Flask, request

app = Flask(__name__)

# Vulnerability 1: Insecure Use of Subprocess (Command Injection)
@app.route('/ping', methods=['GET'])
def ping():
ip = request.args.get('ip', '')
result = subprocess.check_output(['ping', '-c', '4', ip])
return result

# Vulnerability 2: Hardcoded Credentials
USERNAME = 'admin'
PASSWORD = 'password123'

@app.route('/login', methods=['POST'])
def login():
username = request.form['username']
password = request.form['password']
if username == USERNAME and password == PASSWORD:
return "Login successful"
else:
return "Login failed", 401

# Vulnerability 3: Insecure Deserialization
@app.route('/unserialize', methods=['POST'])
def unserialize():
import pickle
data = request.data
obj = pickle.loads(data)
return str(obj)

# Vulnerability 4: Use of Outdated Library with Known Vulnerabilities
@app.route('/requests_example', methods=['GET'])
def requests_example():
response = requests.get('https://example.com')
return response.content

# Vulnerability 5: SQL Injection
@app.route('/user', methods=['GET'])
def get_user():
user_id = request.args.get('id', '')
query = "SELECT * FROM users WHERE id = '" + user_id + "'"
result = run_query(query) # This function is not defined but simulates a database query
return str(result)

def run_query(query):
# Simulating a database query without proper sanitization (SQL Injection risk)
return "Query result for: " + query

if __name__ == '__main__':
app.run(debug=True)
11 changes: 11 additions & 0 deletions command_injection_vuln.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# command_injection_vuln.py
import os

def ping_host(host):
# Vulnerable to command injection
command = f"ping -c 1 {host}"
os.system(command)

if __name__ == "__main__":
target = input("Enter host to ping: ")
ping_host(target)
11 changes: 11 additions & 0 deletions hardcoded_secret_vuln.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# hardcoded_secret_vuln.py

# Hardcoded secrets
API_KEY = "sk_test_1234567890abcdef"
DB_PASSWORD = "SuperSecretPassword123!"

def connect():
print("Connecting with password:", DB_PASSWORD)

if __name__ == "__main__":
connect()
11 changes: 11 additions & 0 deletions insecure_deserialization_vuln.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# insecure_deserialization_vuln.py
import pickle

def load_data(serialized_data):
# Insecure deserialization
return pickle.loads(serialized_data)

if __name__ == "__main__":
data = input("Enter serialized object: ")
obj = load_data(data.encode())
print(obj)
15 changes: 15 additions & 0 deletions path_traversal_vuln.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# path_traversal_vuln.py
import os

BASE_DIR = "/var/www/files/"

def read_file(filename):
# Vulnerable to path traversal
filepath = os.path.join(BASE_DIR, filename)

with open(filepath, "r") as f:
return f.read()

if __name__ == "__main__":
file = input("Enter filename: ")
print(read_file(file))
19 changes: 19 additions & 0 deletions sql_injection_vuln.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# sql_injection_vuln.py
import sqlite3

def get_user(username):
conn = sqlite3.connect("users.db")
cursor = conn.cursor()

# Vulnerable to SQL Injection
query = f"SELECT * FROM users WHERE username = '{username}'"
cursor.execute(query)

result = cursor.fetchall()
conn.close()
return result


if __name__ == "__main__":
user_input = input("Enter username: ")
print(get_user(user_input))
Loading