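def inject(self):
    """Insert the submitted ``email`` parameter into the ``email`` table.

    Reads ``request.params['email']``, stores it on ``c.email``, writes one
    row to ``broken.db`` and renders ``/sqlinject.mako``.  ``c.r`` receives
    the result of ``fetchall()`` on the cursor after the insert.
    """
    c.email = request.params['email']
    conn = sqlite3.connect('broken.db')
    try:
        cursor = conn.cursor()
        # The value is request-controlled.  The original spliced it into the
        # SQL text and ran it through executescript(), which executes every
        # statement in the string; binding it with a placeholder keeps the
        # input as data and limits the call to this single INSERT.
        cursor.execute(
            "insert into email (address) VALUES (?)",
            (c.email,),
        )
        # An INSERT produces no result rows, so this is an empty list -- the
        # same value the original obtained after executescript().
        c.r = cursor.fetchall()
        conn.commit()
    finally:
        # Release the database handle even if the insert raises.
        conn.close()
    return render('/sqlinject.mako')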
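def index(self):
    """List the ``tmp`` directory with ``ls`` and render ``/shell.mako``.

    The lines written by ``ls tmp`` to standard output are stored on
    ``c.out`` (each still ending in its newline, as ``readlines()`` returns
    them).
    """
    # Local import: the file's import block is not visible in this listing.
    import subprocess

    # os.popen2() is deprecated and absent from Python 3, and the original
    # never closed the child's stdin pipe or waited for the child.  An argv
    # list also avoids handing the command line to a shell, which matters as
    # soon as any part of the command stops being a constant.
    proc = subprocess.Popen(["ls", "tmp"], stdout=subprocess.PIPE)
    try:
        c.out = proc.stdout.readlines()
    finally:
        proc.stdout.close()
        proc.wait()  # reap the child so it does not linger as a zombie
    return render('/shell.mako')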
def index(self):
    """Emit a burst of log records, record the size of ``access.log``.

    Stores the file size in bytes on ``c.size``, logs it, and renders
    ``/log.mako``.
    """
    # NOTE(review): the listing is collapsed onto one line, so the extent of
    # the loop body is inferred; only the log.info("log") call is assumed to
    # repeat.  range(1, 100) in the original is 99 iterations.
    #
    # NOTE(review): every request adds 99 records plus one more below.  No
    # rotation or size cap is visible here, so log volume scales directly
    # with request volume; a size-bounded handler (for example
    # logging.handlers.RotatingFileHandler) and request throttling are the
    # usual controls against disk exhaustion.  Whether `log` actually writes
    # to access.log is not shown -- confirm against the logging config.
    for _ in range(99):
        log.info("log")

    log_path = 'access.log'
    c.size = os.path.getsize(log_path)
    log.info(c.size)

    return render('/log.mako')
def index(self):
    """Write repeated log records, then expose the size of ``access.log``.

    The size in bytes is placed on ``c.size`` and logged before
    ``/log.mako`` is rendered.
    """
    # NOTE(review): indentation was lost in this listing; the loop is assumed
    # to contain only the log.info("log") call.  The original's range(1, 100)
    # runs 99 times.
    #
    # NOTE(review): a single request produces 100 log records and nothing in
    # this block bounds the file.  Unbounded, request-driven log growth can
    # fill the disk; cap it with log rotation (e.g.
    # logging.handlers.RotatingFileHandler) and rate limiting.  Confirm that
    # `log` is the writer of access.log -- that is not visible here.
    burst = 99
    for _ in range(burst):
        log.info("log")

    size_in_bytes = os.path.getsize('access.log')
    c.size = size_in_bytes
    log.info(c.size)
    return render('/log.mako')
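def index(self):
    """Ensure the ``email`` table exists in ``broken.db``, then render ``/sql.mako``.

    The table has a single ``address`` text column and is created only if it
    is not already present.
    """
    conn = sqlite3.connect('broken.db')
    try:
        # The original named this cursor `c`, hiding the module-level `c`
        # object inside this function; a distinct name avoids accidental
        # writes to the cursor when template variables are added later.
        cursor = conn.cursor()
        cursor.execute('''CREATE TABLE if not exists email (address text)''')
        conn.commit()
    finally:
        # The original left the connection open on every request.
        conn.close()
    return render('/sql.mako')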
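def inject(self):
    """Expose the ``data`` request parameter to ``/xssinject.mako``.

    Adds an ``X-XSS-Protection: 0`` response header, copies
    ``request.params['data']`` to ``c.data`` and renders the template.
    """
    # WSGI header values must be strings; the original appended the integer
    # 0, which strict servers reject when the response is sent.
    #
    # NOTE(review): a value of "0" switches off the legacy reflected-XSS
    # filter in browsers that still honour this header, so the response
    # relies entirely on output encoding.
    response.headerlist.append(("X-XSS-Protection", "0"))

    # NOTE(review): c.data is request-controlled.  Whether it is HTML-escaped
    # is decided in the template, which is not shown -- confirm it is emitted
    # through an escaping filter (Mako's `| h`) or a default escape filter.
    c.data = request.params['data']
    return render('/xssinject.mako')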
def index(self):
    """Set the ``SESSIONID`` cookie on the response and render ``/xss.mako``."""
    # NOTE(review): the cookie value is a fixed literal shared by every
    # client, and no HttpOnly or Secure attribute is passed in this call.  A
    # real session identifier should be generated per session from a CSPRNG
    # and marked HttpOnly so that script running in the page cannot read it.
    cookie_name = "SESSIONID"
    cookie_value = "ABCDEF123456789"
    response.set_cookie(cookie_name, cookie_value)

    page = render('/xss.mako')
    return page
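def inject(self):
    """Copy the ``data`` request parameter to ``c.data`` and render ``/xssinject.mako``.

    An ``X-XSS-Protection: 0`` header is added to the response first.
    """
    # The header value is now the string "0": the original passed the
    # integer 0, and WSGI requires header values to be strings.
    #
    # NOTE(review): "0" disables the legacy browser XSS filter where it is
    # still implemented; nothing in this block compensates for that.
    xss_header = ("X-XSS-Protection", "0")
    response.headerlist.append(xss_header)

    # NOTE(review): this value comes straight from the request.  Escaping
    # has to happen where the template writes it out (e.g. Mako's `| h`
    # filter); the template is not visible here, so verify it.
    c.data = request.params['data']
    return render('/xssinject.mako')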