File tree Expand file tree Collapse file tree 1 file changed +7
-12
lines changed Expand file tree Collapse file tree 1 file changed +7
-12
lines changed Original file line number Diff line number Diff line change 11import requests
2- import sqlite3
2+ import subprocess
33
44if __name__ == '__main__' :
55 formats .get_format ()
1111 'http' : 'http://test:pass@localhost:8080' ,
1212 'https' : 'http://test:pass@localhost:8090' ,
1313 }
14- url = 'https ://example.com' # Replace with a valid URL using 'https'
14+ url = 'http ://example.com' # Replace with a valid URL
1515 req = requests .Request ('GET' , url )
1616 prep = req .prepare ()
1717 session .rebuild_proxies (prep , proxies )
1818
19- # Introduce a fixed SQL injection vulnerability
20- conn = sqlite3 .connect ('users.db' ) # Replace with a valid database file
21- cursor = conn .cursor ()
19+ # Introduce a command injection vulnerability
20+ user_input = input ("Enter a command to execute: " )
21+ command = "ping " + user_input
22+ subprocess .call (command , shell = True )
2223
23- user_input = input ("Enter your username: " )
24- query = "SELECT * FROM users WHERE username= ?"
25- cursor .execute (query , (user_input ,))
26- results = cursor .fetchall ()
27- print (results )
28-
29- conn .close ()
24+ print ("Command executed!" )
You can’t perform that action at this time.
0 commit comments