# app_vulnerable.py
from flask import Flask, request, render_template_string
# Flask application instance; the route below is registered on it.
app = Flask(__name__)
@app.route('/', methods=['GET', 'POST'])
def index():
    """Serve the SSTI demo page and echo the submitted name.

    GET returns a static form. POST reads the ``name`` form field and
    interpolates it into the page text *before* that text is handed to
    ``render_template_string``, so the user-supplied value becomes part of
    the Jinja template source instead of template data. That is the
    server-side template injection (SSTI) this file demonstrates on purpose;
    the code is left as-is because it is the vulnerable variant of the demo.

    Mitigation (not applied here): keep the template static and pass the
    value as context, e.g. ``render_template_string(template, name=name)``
    with ``{{ name }}`` in the template, so the input is rendered as data
    and escaped by Jinja rather than parsed as template syntax.

    Returns:
        The rendered HTML page as a string.
    """
    if request.method != 'POST':
        # GET: static form, no user input is involved.
        return '''
    <!doctype html>
    <html>
    <head><title>SSTI demo (vuln)</title></head>
    <body>
    <h1>Bonjour !</h1>
    <form method="post">
    <input name="name" placeholder="Votre nom">
    <button type="submit">Envoyer</button>
    </form>
    </body>
    </html>
    '''

    # POST: the field is read verbatim, with no validation or escaping.
    submitted = request.form.get('name', '')
    # VULNERABLE: the raw input is spliced straight into the template
    # *source*; whatever it contains is interpreted by the template engine.
    page = f"""
    <!doctype html>
    <html>
    <head><title>SSTI demo (vuln)</title></head>
    <body>
    <h1>Bonjour {submitted} !</h1>
    <p>Ce template est rendu côté serveur via render_template_string.</p>
    <form method="post">
    <input name="name" placeholder="Votre nom">
    <button type="submit">Envoyer</button>
    </form>
    </body>
    </html>
    """
    return render_template_string(page)
if __name__ == '__main__':
    # debug=True enables Flask's debug mode, which includes the interactive
    # Werkzeug debugger; keep it to local runs of this demo, never on a host
    # reachable by others.
    app.run(debug=True)