forked from carlospolop/flask_vuln
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp.py
More file actions
41 lines (35 loc) · 1.13 KB
/
Copy pathapp.py
File metadata and controls
41 lines (35 loc) · 1.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
import pickle
import base64
import subprocess
from flask import Flask, request, jsonify, send_file
app = Flask(__name__)
@app.route("/pickled", methods=["POST"])
def vuln_pickled():
data = base64.urlsafe_b64decode(request.form['pickled'])
pickle.loads(data)
return '', 204
@app.route("/eval", methods=["POST"])
def vuln_eval():
data = request.form['eval']
eval(data)
return '', 204
@app.route("/rce", methods=["POST"])
def vuln_rce():
data = request.form['rce']
try:
out = subprocess.check_output(data, shell=True, stderr=subprocess.STDOUT)
return jsonify({'output': out.decode('utf-8')}), 200
except subprocess.CalledProcessError as e:
return jsonify({'error': e.output.decode('utf-8')}), 400
@app.route('/path_traversal', methods=['GET'])
def vuln_path_traversal():
file_path = request.args.get('file')
if not file_path:
return "File parameter is missing.", 400
try:
# This is the vulnerable part:
return send_file(file_path)
except Exception as e:
return str(e), 500
if __name__ == "__main__":
app.run(host='0.0.0.0', port=5000)