ari/research-school-2024
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
research-school-2024/examples/auth.py
Ari Archer 2dd94a9bc5
 Implement a bunch of vulnerabile examples. 
Signed-off-by: Ari Archer <ari@ari.lt>
2024-12-05 01:30:06 +02:00

86 lines
2.3 KiB
Python
Raw Permalink Blame History

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""Bad authentication + a bunch of other smelly code"""
import sqlite3
from flask import Flask, jsonify, render_template_string, request, session
app = Flask(__name__)
app.secret_key = "secret"
def init_db():
conn = sqlite3.connect("users.db")
c = conn.cursor()
c.execute(
"""
CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL,
password TEXT NOT NULL -- Storing passwords in plain text (for demonstration only)
)
"""
)
c.execute("DELETE FROM users") # Clear existing data for demonstration purposes
c.execute(
"INSERT INTO users (username, password) VALUES ('admin', 'password')"
) # Weak credentials
c.execute("INSERT INTO users (username, password) VALUES ('alice', 'password123')")
c.execute("INSERT INTO users (username, password) VALUES ('bob', 'password456')")
conn.commit()
conn.close()
@app.route("/login", methods=["GET", "POST"])
def login():
if request.method == "POST":
username = request.form["username"]
password = request.form["password"]
if username == "admin" and password == "password":
session["logged_in"] = True
return "Logged in as admin!"
conn = sqlite3.connect("users.db")
user = conn.execute(
"SELECT * FROM users WHERE username = ? AND password = ?",
(username, password),
).fetchone()
conn.close()
if user:
session["logged_in"] = True
return f"Logged in as {username}!"
return "Invalid credentials", 401
return render_template_string(
"""
<form method="post">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Login">
</form>
"""
)
@app.route("/user", methods=["GET"])
def get_user():
username = request.args.get("username")
query = f"SELECT * FROM users WHERE username = '{username}'"
conn = sqlite3.connect("users.db")
user = conn.execute(query).fetchone()
conn.close()
return jsonify(dict(user)) if user else "User not found", 404
if __name__ == "__main__":
init_db()
app.run(debug=True)
Reference in a new issue View git blame Copy permalink