ATACKPR
/
sqlinjection
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
5 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
sqlinjection/sql.py

sql.py 4.0KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. from flask import Flask, render_template, request

  2. import mysql.connector

  3. import hashlib

  4. 

  5. app = Flask(__name__)

  6. 

  7. @app.route('/phone', methods=['GET' , 'POST'])

  8. def pbook():

  9.     if request.method == "POST":

  10.         name = request.form['name']

  11. 

  12.         try:

  13.             db = mysql.connector.connect(host="localhost",

  14.                                          user="root",

  15.                                          passwd="python1234",

  16.                                          db="sqlinjection")

  17. 

  18.             cursor = db.cursor()

  19. 

  20.             query = "select * from phonebook where name = '"

  21.             query += name

  22.             query += "';"

  23.             print query

  24. 

  25.             count = 0

  26.             login = False

  27.             for result in cursor.execute(query, multi=True):

  28.                 if result.with_rows:

  29.                     print("Rows produced by statement '{}':".format(

  30.                         result.statement))

  31.                     ls = result.fetchall()

  32.                     print ls

  33.                     if len(ls) > 0 and count == 0:

  34.                         login = True

  35.                 else:

  36.                     print("Number of rows affected by statement '{}': {}".format(

  37.                         result.statement, result.rowcount))

  38. 

  39.                 count += 1

  40. 

  41.             db.commit()

  42.             cursor.close()

  43.             db.close()

  44. 

  45.             if login:

  46. 

  47.                 returnString = "<h1>Results:</h1>"

  48. 

  49.                 for item in ls:

  50.                     returnString += '<h3>' + item[0] + " " + item[1] + '</h3>'

  51. 

  52.                 returnString += "<a href='http://localhost:5000/phone'>Back to Phone Book</a>"

  53. 

  54.                 return returnString

  55.             else:

  56.                 return "<h1>Person Not Found</h1><a href='http://localhost:5000/phone'>Back to Phone Book</a>"

  57.         except Exception as e:

  58.             strval = str(e)

  59.             msg = "<h1>"

  60.             msg += strval

  61.             msg += "</h1><a href='http://localhost:5000/phone'>Back to Phone Book</a>"

  62.             return msg

  63. 

  64.     else:

  65.         return render_template('phone.html')

  66. 

  67. 

  68. @app.route('/auth', methods=['GET' , 'POST'])

  69. def send():

  70.     if request.method == "POST":

  71.         user = request.form['user']

  72.         pwd = request.form['pwd']

  73.         pwd = hashlib.md5(pwd).hexdigest()

  74. 

  75. 

  76.         try:

  77.             db = mysql.connector.connect(host="localhost",

  78.                                          user="root",

  79.                                          passwd="python1234",

  80.                                          db="sqlinjection")

  81. 

  82.             cursor = db.cursor()

  83. 

  84.             query = "select * from login where password = '"

  85.             query += pwd

  86.             query += "' and username = '"

  87.             query += user

  88.             query += "';"

  89.             print query

  90. 

  91.             count = 0

  92.             login = False

  93.             for result in cursor.execute(query, multi=True):

  94.                 if result.with_rows:

  95.                     print("Rows produced by statement '{}':".format(

  96.                         result.statement))

  97.                     ls = result.fetchall()

  98.                     print ls

  99.                     if len(ls) > 0 and count == 0:

  100.                         login = True

  101.                 else:

  102.                     print("Number of rows affected by statement '{}': {}".format(

  103.                         result.statement, result.rowcount))

  104. 

  105.                 count += 1

  106. 

  107.             db.commit()

  108.             cursor.close()

  109.             db.close()

  110. 

  111.             if login:

  112.                 return '<h1>Authentication Succesful</h1><h1>Welcome Back, ' + user + "</h1><a href='http://localhost:5000/auth'>Back to Login</a>"

  113.             else:

  114.                 return "<h1>Authentication Failed</h1><a href='http://localhost:5000/auth'>Back to Login</a>"

  115.         except Exception as e:

  116.             strval = str(e)

  117.             msg = "<h1>"

  118.             msg += strval

  119.             msg += "</h1><a href='http://localhost:5000/auth'>Back to Login</a>"

  120.             return msg

  121. 

  122.     else:

  123.         return render_template('index.html')

  124. 

  125. if __name__ == "__main__":

  126.     app.run(debug=True)