44 lines
1.0 KiB
Python
44 lines
1.0 KiB
Python
from flask import Flask, request, render_template
|
|
import sqlite3
|
|
|
|
app = Flask(__name__)
|
|
app.secret_key = 'secret_key'
|
|
|
|
def db_connection():
|
|
conn = sqlite3.connect('users.db')
|
|
c = conn.cursor()
|
|
return c
|
|
|
|
|
|
@app.route('/')
|
|
def index():
|
|
return render_template('login.html')
|
|
|
|
|
|
@app.route('/login', methods=['POST'])
|
|
def login():
|
|
username = request.form['username']
|
|
password = request.form['password']
|
|
|
|
# Vulnerable code with SQL injection vulnerability
|
|
query = "SELECT * FROM users WHERE username='" + username + "' AND \
|
|
password='" + password + "'"
|
|
|
|
c = db_connection()
|
|
c.execute(query)
|
|
user = c.fetchone()
|
|
|
|
try:
|
|
if user:
|
|
login_failed = False
|
|
return render_template('profile.html')
|
|
else:
|
|
login_failed = True
|
|
return render_template('login.html', login_failed=login_failed, error_message=user)
|
|
except sqlite3.Error as e:
|
|
flash(f"{e}")
|
|
return render_template('login.html')
|
|
|
|
if __name__ == '__main__':
|
|
app.run(host='0.0.0.0', debug=True)
|