From bdf53acba60d863a6b9ab7e71c5451bbc2229803 Mon Sep 17 00:00:00 2001
From: dduck <nicolas.canovaz@protonmail.com>
Date: Wed, 22 Oct 2025 23:05:01 +0200
Subject: [PATCH] push ssti.py

---
 ssti.py | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 ssti.py

diff --git a/ssti.py b/ssti.py
new file mode 100644
index 0000000..9e107a4
--- /dev/null
+++ b/ssti.py
@@ -0,0 +1,41 @@
+# app_vulnerable.py
+from flask import Flask, request, render_template_string
+
+app = Flask(__name__)
+
+@app.route('/', methods=['GET', 'POST'])
+def index():
+    name = ''
+    if request.method == 'POST':
+        # VULNÉRABLE : on concatène directement la saisie dans un template string
+        name = request.form.get('name', '')
+        template = f"""
+        <!doctype html>
+        <html>
+          <head><title>SSTI demo (vuln)</title></head>
+          <body>
+            <h1>Bonjour {name} !</h1>
+            <p>Ce template est rendu côté serveur via render_template_string.</p>
+            <form method="post">
+              <input name="name" placeholder="Votre nom">
+              <button type="submit">Envoyer</button>
+            </form>
+          </body>
+        </html>
+        """
+        return render_template_string(template)
+    return '''
+    <!doctype html>
+    <html>
+      <head><title>SSTI demo (vuln)</title></head>
+      <body>
+        <h1>Bonjour !</h1>
+        <form method="post">
+          <input name="name" placeholder="Votre nom">
+          <button type="submit">Envoyer</button>
+        </form>
+      </body>
+    </html>
+    '''
+if __name__ == '__main__':
+    app.run(debug=True)