I wanted to build a fuzzer in SPIKE, for my own server written in Python. But I didn't found any useful guids or tutorials, only a few scripts.
In server I have login page 
What I want to do is to send random data to login and password...
from flask import Flask
from flask import render_template, request, redirect, url_for, session
from flask_session import Session
import sqlite3
app = Flask("Flask - Lab")
DATABASE = 'library_database.db'
sess = Session()
@app.route('/', methods=['GET', 'POST'])
def index():
con = sqlite3.connect(DATABASE)
cur = con.cursor()
cur.execute("select * from books")
con.commit()
books = \
cur.fetchall()
if request.method == "POST":
user = request.form['login']
password = request.form['password']
if len(user) == 0 or len(password) == 0:
session['admin'] = False
session['user'] = False
return redirect(url_for('login'))
cur.execute("SELECT admin FROM users WHERE username = ? AND password = ?", (user, password))
con.commit()
admin = cur.fetchone()
if admin and admin[0] == 1:
session['admin'] = True
session['user'] = False
return render_template('main_view_admin.html', books=books)
elif admin and admin[0] == 0:
session['admin'] = False
session['user'] = True
return render_template('main_view.html', books=books)
else:
return render_template('login.html')
elif request.method == 'GET':
if 'admin' in session and session['admin']:
return render_template('main_view_admin.html', books=books)
elif 'user' in session:
return render_template('main_view.html', books=books)
else:
return redirect(url_for('login'))
con.close()
app.debug = True
app.secret_key = "secret_key"
app.run(host='0.0.0.0', port=8080)
Does anyone know SPIKE or have any links that might be helpful?
Aucun commentaire:
Enregistrer un commentaire