presentations/introduction-to-sql-injection/example/flask_sqli.py

from flask import Flask, flash, request, render_template
import sqlite3

app = Flask(__name__)
app.secret_key = 'secret_key'


def db_connection():
    conn = sqlite3.connect('users.db')
    c = conn.cursor()
    return c


@app.route('/')
def index():
    return render_template('login.html')


@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    password = request.form['password']

    # Vulnerable code with SQL injection vulnerability
    query = "SELECT * FROM users WHERE username = '%s' AND password = '%s'" \
        % (username, password)

    # YOU CAN ALSO WRITE IT LIKE THIS:
    # query = "SELECT * FROM users WHERE username='" + username + "' AND \
    # password='" + password + "'"

    try:
        c = db_connection()
        c.execute(query)
        user = c.fetchone()

        if user:
            login_failed = False
            return render_template('profile.html')
        else:
            login_failed = True
            return render_template('login.html', login_failed=login_failed)
    except sqlite3.Error as e:
        flash(f"{e}")
        return render_template('login.html', error=e)

if __name__ == '__main__':
    app.run(host='0.0.0.0', debug=True)
added some more information to the presentation, linting of code for the example implemenation 2024-04-16 15:11:51 +02:00			`from flask import Flask, flash, request, render_template`
worked on sql injection, added example page 2024-04-12 16:21:09 +02:00			`import sqlite3`

			`app = Flask(__name__)`
			`app.secret_key = 'secret_key'`

added some more information to the presentation, linting of code for the example implemenation 2024-04-16 15:11:51 +02:00
worked on sql injection, added example page 2024-04-12 16:21:09 +02:00			`def db_connection():`
			`conn = sqlite3.connect('users.db')`
			`c = conn.cursor()`
			`return c`


			`@app.route('/')`
			`def index():`
			`return render_template('login.html')`


			`@app.route('/login', methods=['POST'])`
			`def login():`
			`username = request.form['username']`
			`password = request.form['password']`

			`# Vulnerable code with SQL injection vulnerability`
added some more information to the presentation, linting of code for the example implemenation 2024-04-16 15:11:51 +02:00			`query = "SELECT * FROM users WHERE username = '%s' AND password = '%s'" \`
			`% (username, password)`
worked on sql injection, added example page 2024-04-12 16:21:09 +02:00
added some more information to the presentation, linting of code for the example implemenation 2024-04-16 15:11:51 +02:00			`# YOU CAN ALSO WRITE IT LIKE THIS:`
			`# query = "SELECT * FROM users WHERE username='" + username + "' AND \`
			`# password='" + password + "'"`
worked on sql injection, added example page 2024-04-12 16:21:09 +02:00
			`try:`
added some more information to the presentation, linting of code for the example implemenation 2024-04-16 15:11:51 +02:00			`c = db_connection()`
			`c.execute(query)`
			`user = c.fetchone()`

worked on sql injection, added example page 2024-04-12 16:21:09 +02:00			`if user:`
			`login_failed = False`
			`return render_template('profile.html')`
			`else:`
			`login_failed = True`
added some more information to the presentation, linting of code for the example implemenation 2024-04-16 15:11:51 +02:00			`return render_template('login.html', login_failed=login_failed)`
worked on sql injection, added example page 2024-04-12 16:21:09 +02:00			`except sqlite3.Error as e:`
			`flash(f"{e}")`
added some more information to the presentation, linting of code for the example implemenation 2024-04-16 15:11:51 +02:00			`return render_template('login.html', error=e)`
worked on sql injection, added example page 2024-04-12 16:21:09 +02:00
			`if __name__ == '__main__':`
			`app.run(host='0.0.0.0', debug=True)`