mooc-securing-software-21-projects/project1/templates/index.html

<!DOCTYPE html>
<html>

<body>

    <p>
        <h2>Products:</h2>
        <ul>
            {% autoescape off %} {% for p in products %}
            <li>{{ p.name}}</li>
            {% endfor %} {% endautoescape %}
        </ul>
    </p>

    <p>
        <form method="POST" action="/add_product">
            {% csrf_token %}
            <label>Add product:</label><br>
            <input id="add_product" name="name" type="text" />
            <button type="submit">Submit</button>
            <a href="#" onClick="xss_inject_attack()">XSS injection attack (steal cookies)</a>
        </form>
    </p>
    <p>
        <form method="GET">
            <label>Find Product by Name</label><br/>
            <input id="find_product_by_name" name="filter" type="text" />
            <button type="submit ">Search</button>
            <a href="#" onClick="sql_inject_attack()">Sql injection attack (Get all users of system along with their details)</a>
        </form>
    </p>
    <p>
        <form method="POST" action="/import_products" enctype="multipart/form-data">
            {% csrf_token %}
            <label for="file">Import Products (XML):</label><br>
            <input name="file" type="file" />
            <button type="submit ">Submit</button>
            <span>Use <a href="/static/products.xml" download="wicked-products.xml">this file</a> to use a XXE Entity vulnerability to expose all users on a Unix system</span>
        </form>
    </p>

    <a href="/logout">Log out</a>

    <script>
        function xss_inject_attack() {
            document.querySelector("#add_product").value = "<script>alert('I got your cookie, ha-haa!')</scr" + "ipt>";
        }

        function sql_inject_attack() {
            document.querySelector("#find_product_by_name").value = "' AND false UNION ALL select id, username||' '||password||' '||first_name||''||last_name||' '||email from auth_user where username like '";
        }
    </script>

</body>

</html>