import requests
from flask import Flask, request
# Module-level Flask application; the route below is registered on it.
app = Flask(import_name=__name__)
@app.route("/full_ssrf")
def full_ssrf():
    """Contrast an attacker-controlled request URL with a server-chosen one.

    Reads the ``target`` query parameter (``request.args`` raises KeyError
    when it is absent) and issues two outbound GET requests: the first
    embeds the raw parameter in the URL, the second maps it onto a fixed
    server-defined subdomain. The responses are not returned.
    """
    target = request.args["target"]

    # BAD: the host component of the URL is built from untrusted input, so
    # the caller decides where this server-side request is sent (full SSRF).
    resp = requests.get(f"https://{target}.example.com/data/")

    # GOOD: `subdomain` is controlled by the server. The untrusted value only
    # selects between two fixed constants and never reaches the URL itself.
    subdomain = {"EU": "europe"}.get(target, "world")
    resp = requests.get(f"https://{subdomain}.example.com/data/")