Minor update of vuln tests

2025-12-07 05:01:30 +00:00 · 2019-11-18 12:08:26 +01:00
parent 0a0c696e84
commit 5044894928
3 changed files with 8 additions and 4 deletions
--- a/extra/vulnserver/vulnserver.py
+++ b/extra/vulnserver/vulnserver.py
@@ -126,7 +126,7 @@ class ReqHandler(BaseHTTPRequestHandler):
        if self.url == '/':
            self.send_response(OK)

-            if "id" not in params:
+            if not any(_ in self.params for _ in ("id", "query")):
                self.send_header("Content-type", "text/html")
                self.send_header("Connection", "close")
                self.end_headers()
@@ -145,7 +145,10 @@ class ReqHandler(BaseHTTPRequestHandler):
                        output += "%s<br>" % self.params["echo"]

                    with _lock:
-                        _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params.get("id", ""))
+                        if "query" in self.params:
+                            _cursor.execute(self.params["query"])
+                        elif "id" in self.params:
+                            _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params["id"])
                        results = _cursor.fetchall()

                    output += "<b>SQL results:</b>\n"