Ejemplo n.º 1
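 def inject(self):
     """Store the submitted e-mail address and render ``/sqlinject.mako``.

     ``request.params['email']`` comes straight from the client. It is
     passed to SQLite as a bound parameter, never spliced into the
     statement text, so quotes or statement separators in the value cannot
     change the SQL that runs.

     Raises:
         KeyError: if the request carries no ``email`` parameter.
     """
     c.email = request.params['email']
     conn = sqlite3.connect('broken.db')
     try:
         cursor = conn.cursor()
         # execute() runs exactly one statement; executescript() would run
         # every ';'-separated statement found in the string and cannot
         # take bound parameters.
         c.r = cursor.execute(
             'insert into email (address) VALUES (?)', (c.email,)
         ).fetchall()
         conn.commit()
     finally:
         # Release the database handle even when the insert fails.
         conn.close()
     # NOTE(review): c.email is still untrusted when the template prints it;
     # confirm /sqlinject.mako HTML-escapes it.
     return render('/sqlinject.mako')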
Ejemplo n.º 2
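 def index(self):
     """Run ``ls tmp`` and expose its output lines to ``/shell.mako``.

     The command string is a fixed literal, so no request data reaches the
     shell in this action. ``tmp`` is resolved against the process working
     directory.
     """
     # os.popen2 goes through a shell and exists only on Python 2;
     # subprocess with an argument list is the replacement to use if a
     # variable ever becomes part of the command.
     (child_stdin, child_stdout) = os.popen2("ls tmp", 'r', 10000)
     try:
         c.out = child_stdout.readlines()
     finally:
         # Close both pipe ends so each request does not leak descriptors.
         child_stdin.close()
         child_stdout.close()
     return render('/shell.mako')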
Ejemplo n.º 3
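 def index(self):
     """List the ``tmp`` directory via ``ls`` and render ``/shell.mako``.

     Only a constant command string is executed here; nothing from the
     request is interpolated into it. The relative path ``tmp`` depends on
     the working directory of the server process.
     """
     # Python 2-only API that spawns a shell. Prefer subprocess with a list
     # of arguments if the command ever needs a variable part.
     (child_stdin, child_stdout) = os.popen2("ls tmp", 'r', 10000)
     try:
         c.out = child_stdout.readlines()
     finally:
         # Both pipe objects were left open originally, which leaks file
         # descriptors on every request.
         child_stdin.close()
         child_stdout.close()
     return render('/shell.mako')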
Ejemplo n.º 4
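 def inject(self):
     """Insert the client-supplied e-mail address and render the result.

     The ``email`` request parameter is untrusted input. It is handed to
     the driver through a ``?`` placeholder, so it is always treated as a
     value and never parsed as SQL.

     Raises:
         KeyError: if ``email`` is missing from the request parameters.
     """
     c.email = request.params['email']
     conn = sqlite3.connect('broken.db')
     try:
         cursor = conn.cursor()
         # A single parameterised statement replaces the concatenated
         # executescript() call, which accepted any number of statements.
         c.r = cursor.execute(
             'insert into email (address) VALUES (?)', (c.email,)
         ).fetchall()
         conn.commit()
     finally:
         # Always close the connection, including on a failed insert.
         conn.close()
     # NOTE(review): the template receives the raw address in c.email;
     # verify it is escaped on output.
     return render('/sqlinject.mako')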
Ejemplo n.º 5
 def index(self):
     """Emit 99 log records, then report the size of ``access.log``.

     The size in bytes is stored on ``c.size`` for ``/log.mako`` and is
     itself written to the log.
     """
     # NOTE(review): every request appends a fixed burst of records and no
     # rotation or size cap is visible here; confirm the logging
     # configuration bounds file growth.
     for _ in range(99):
         log.info("log")
     log_size = os.path.getsize('access.log')
     c.size = log_size
     log.info(c.size)
     return render('/log.mako')
Ejemplo n.º 6
 def index(self):
     """Write a burst of 99 INFO records and render the log size page.

     ``c.size`` receives the byte size of ``access.log`` (resolved against
     the working directory); the same number is logged before rendering.
     """
     burst = 99  # same count as range(1, 100)
     for _ in range(burst):
         log.info("log")
     # NOTE(review): repeated requests grow the log without limit unless
     # the handler rotates; verify against the logging setup.
     size_in_bytes = os.path.getsize('access.log')
     c.size = size_in_bytes
     log.info(c.size)
     return render('/log.mako')
Ejemplo n.º 7
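 def index(self):
     """Create the ``email`` table if it is missing and render ``/sql.mako``.

     The statement is a constant; no request data is involved.
     """
     conn = sqlite3.connect('broken.db')
     try:
         # Named ``cursor`` rather than ``c`` so the local does not shadow
         # the ``c`` template context that the other actions write to.
         cursor = conn.cursor()
         cursor.execute('''CREATE TABLE if not exists email (address text)''')
         conn.commit()
     finally:
         # The connection was never closed originally.
         conn.close()
     return render('/sql.mako')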
Ejemplo n.º 8
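 def index(self):
     """Ensure the ``email`` table exists, then render ``/sql.mako``.

     Runs a fixed ``CREATE TABLE if not exists`` statement against
     ``broken.db``; nothing from the request reaches the query.
     """
     conn = sqlite3.connect('broken.db')
     try:
         # ``cursor`` avoids reusing the name ``c``, which the sibling
         # actions use for the template context object.
         cursor = conn.cursor()
         cursor.execute('''CREATE TABLE if not exists email (address text)''')
         conn.commit()
     finally:
         # Close the handle on every path so connections do not accumulate.
         conn.close()
     return render('/sql.mako')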
Ejemplo n.º 9
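 def inject(self):
     """Expose the ``data`` request parameter to ``/xssinject.mako``.

     ``c.data`` is untrusted client input; whether it is reflected safely
     depends entirely on how the template writes it out.

     Raises:
         KeyError: if the request has no ``data`` parameter.
     """
     # WSGI header values must be strings; the original appended the
     # integer 0. "0" switches the legacy browser XSS filter off, so output
     # escaping (and a Content-Security-Policy, if one is deployed) is the
     # only defence for this page.
     response.headerlist.append(("X-XSS-Protection", "0"))
     c.data = request.params['data']
     # NOTE(review): confirm /xssinject.mako HTML-escapes c.data and does
     # not disable Mako's filters with ``| n``.
     return render('/xssinject.mako')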
Ejemplo n.º 10
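 def index(self):
     """Set the ``SESSIONID`` cookie and render ``/xss.mako``."""
     # HttpOnly keeps the cookie out of document.cookie, so a script
     # injected into a page cannot read it. Add secure=True as well when
     # the site is served over HTTPS.
     # NOTE(review): the value is a constant shared by every visitor; a real
     # session identifier must be random and issued per session.
     response.set_cookie("SESSIONID", "ABCDEF123456789", httponly=True)
     return render('/xss.mako')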
Ejemplo n.º 11
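 def inject(self):
     """Pass the client-supplied ``data`` parameter to ``/xssinject.mako``.

     The value is stored on ``c.data`` unchanged, so the template is
     responsible for escaping it.

     Raises:
         KeyError: if ``data`` is absent from the request parameters.
     """
     # Header values have to be strings under WSGI; the integer 0 used
     # originally is not a valid value. With the browser filter set to "0",
     # correct output encoding in the template is what prevents reflected
     # script execution.
     response.headerlist.append(("X-XSS-Protection", "0"))
     c.data = request.params['data']
     # NOTE(review): verify the template escapes c.data for its HTML context
     # and does not use the ``| n`` filter on it.
     return render('/xssinject.mako')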
Ejemplo n.º 12
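 def index(self):
     """Issue the ``SESSIONID`` cookie, then render ``/xss.mako``."""
     # Mark the cookie HttpOnly so client-side script cannot read it; also
     # pass secure=True once the application is only reachable over HTTPS.
     # NOTE(review): a hard-coded identifier is identical for all clients
     # and trivially guessable; generate a random per-session value instead.
     response.set_cookie("SESSIONID", "ABCDEF123456789", httponly=True)
     return render('/xss.mako')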