mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
18 lines
467 B
Python
18 lines
467 B
Python
"""Phase 12 (Track L.10) — Django CMDI vuln fixture.
|
|
|
|
`run_cmd(request)` reads `request.GET["cmd"]` and pipes it straight to
|
|
`os.system`. Adapter binding: `path("run/", run_cmd)` registration with
|
|
`cmd` flowing through `request.GET`.
|
|
"""
|
|
import os
|
|
from django.http import HttpResponse
|
|
from django.urls import path
|
|
|
|
|
|
def run_cmd(request):
|
|
cmd = request.GET.get("cmd", "")
|
|
os.system(cmd)
|
|
return HttpResponse("ok")
|
|
|
|
|
|
urlpatterns = [path("run/", run_cmd)]
|