- #!/usr/bin/env python
- from wsgiref.simple_server import make_server
- from cgi import parse_qs, escape
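# Page template rendered by application() with the % operator.
# It has exactly two %s slots, filled in order: the submitted name, then the
# comma-joined hobbies. Both slots sit in HTML element content, so every value
# substituted here must be HTML-escaped first; otherwise request data is
# echoed into the page as markup (reflected XSS).
# Fix: the root element attribute was misspelled "land"; it is "lang".
html = """
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head> <title>Python Vulnerable Code</title> </head>
<body>
<form method="get" action="parsing_get.wsgi">
<p>
Name: <input type="text" name="name">
</p>
<p>
Hobbies:
<input name="hobbies" type="checkbox" value="Vulnerability Research"> Vulnerability Research
<input name="hobbies" type="checkbox" value="Web Application Research"> Web Application Research
</p>
<p>
<input type="submit" value="Submit">
</p>
</form>
<p>
Name: %s<br>
Hobbies: %s
</p>
</body>
</html>"""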
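def application(environ, start_response):
    """WSGI entry point: echo the submitted name and hobbies back in the form page.

    Args:
        environ: WSGI environment dict; only QUERY_STRING is read.
        start_response: WSGI callable used to send the status and headers.

    Returns:
        A one-element list holding the rendered HTML page.

    The query string is attacker-controlled. Each value is HTML-escaped
    before it is interpolated into the template, because interpolating it
    raw lets a crafted link inject markup or script into the response
    (reflected XSS).
    """
    # QUERY_STRING may be empty or absent in a WSGI environ, so do not index it.
    # parse_qs returns a dictionary containing lists as values.
    d = parse_qs(environ.get('QUERY_STRING', ''))

    # A list holding a default value is needed so that [0] is always valid.
    name = d.get('name', [''])[0]   # First "name" value, '' if missing.
    hobbies = d.get('hobbies', [])  # Every "hobbies" value, [] if none.

    # Escape at the point of output. Both template slots are element content;
    # quotes are escaped as well in case the template later moves a value
    # into an attribute.
    name = escape(name, True)
    hobbies = [escape(hobby, True) for hobby in hobbies]

    response_body = html % (name or 'Empty',
                            ', '.join(hobbies or ['No Hobbies, you probably need one!']))

    status = '200 OK'
    # NOTE(review): the body is returned as a native str, which matches the
    # Python 2 era `cgi` imports at the top of the file; a Python 3 WSGI server
    # expects bytes here - confirm the target interpreter.
    response_headers = [('Content-Type', 'text/html'),
                        ('Content-Length', str(len(response_body)))]
    start_response(status, response_headers)
    return [response_body]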
# Serve the application with wsgiref's simple server. The listener is bound to
# 'localhost', so it is reachable from the local machine only; keep it that way
# for a demo page that echoes request data.
httpd = make_server(host='localhost', port=8051, app=application)

# serve_forever() keeps answering requests, unlike handle_request(), which
# serves a single one. Stop it with Ctrl-C on Linux, or by ending python.exe
# in the Task Manager on Windows.
httpd.serve_forever()