From 67d40814d77074709466d8ead54b4903b52295c9 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 11:48:40 +0530
Subject: [PATCH 01/13] Update routes.py

---
 routes.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes.py b/routes.py
index 25dde68..faa8c44 100644
--- a/routes.py
+++ b/routes.py
@@ -36,7 +36,7 @@ def login():
 db = get_db()
 # Intentionally vulnerable to SQL Injection in the username field
- query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{hashed_password}'"
+ query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{hashed_password}'"
 print(f"Executing SQL Query: {query}") # Debug the SQL query being executed
 result = db.execute(query).fetchone()
@@ -235,4 +235,4 @@ def create_ticket():
 @app.route('/admin/tickets')
 def view_tickets():
- return render_template('admin_tickets.html', tickets=tickets)
\ No newline at end of file
+ return render_template('admin_tickets.html', tickets=tickets)

From 7be03cae43f5ebf4e041bdfa4bebdee87ad79394 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 11:51:41 +0530
Subject: [PATCH 02/13] Update routes.py

---
 routes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes.py b/routes.py
index faa8c44..b668246 100644
--- a/routes.py
+++ b/routes.py
@@ -36,7 +36,7 @@ def login():
 db = get_db()
 # Intentionally vulnerable to SQL Injection in the username field
- query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{hashed_password}'"
+ query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{hashed_password}' "
 print(f"Executing SQL Query: {query}") # Debug the SQL query being executed
 result = db.execute(query).fetchone()

From cea1cb6f0b469cf9ff1f3bdadbab87c013994a8f Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 11:52:46 +0530
Subject: [PATCH 03/13] Update routes.py

---
 routes.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/routes.py b/routes.py
index b668246..7a6f3fb 100644
--- a/routes.py
+++ b/routes.py
@@ -170,6 +170,7 @@ def xss_demo():
 if 'username' not in session:
 flash("You must be logged in to access the XSS demo.", "danger")
 return redirect(url_for('login'))
+ search = request.args.get('search')
 if request.method == 'POST':

From cb814f5fa391ac1c4af211c2ebca5e4c8de37359 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 11:53:42 +0530
Subject: [PATCH 04/13] Update routes.py

---
 routes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes.py b/routes.py
index 7a6f3fb..d5f5638 100644
--- a/routes.py
+++ b/routes.py
@@ -36,7 +36,7 @@ def login():
 db = get_db()
 # Intentionally vulnerable to SQL Injection in the username field
- query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{hashed_password}' "
+ query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{hashed_password}'"
 print(f"Executing SQL Query: {query}") # Debug the SQL query being executed
 result = db.execute(query).fetchone()

From 6bbc3a54fd71e6fd9e0698eba9d32d5709acfe8f Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:03:44 +0530
Subject: [PATCH 05/13] Update routes.py

---
 routes.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/routes.py b/routes.py
index d5f5638..a783e8d 100644
--- a/routes.py
+++ b/routes.py
@@ -237,3 +237,4 @@ def create_ticket():
 @app.route('/admin/tickets')
 def view_tickets():
 return render_template('admin_tickets.html', tickets=tickets)
+

From 3ab71c3aac2e08a15b9aed8724d521ca111685d6 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:05:12 +0530
Subject: [PATCH 06/13] Update README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 795b561..deda055 100644
--- a/README.md
+++ b/README.md
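Review bot: The added `search = request.args.get('search')` is evaluated before the `if request.method == 'POST':` branch, so on a GET without the parameter `search` is `None`, and on a POST it is presumably overwritten by whatever the branch assigns (the rest of xss_demo lies outside this hunk, so that part is inferred). If the GET value is meant to feed the demo, default it so the template never renders the literal `None`: `search = request.args.get('search', '')`. Taking the value from the query string also changes the demo's threat model from a self-submitted form payload to a link-deliverable reflected one, which is probably the intent but deserves a comment on the line, e.g. `# Reflected XSS demo: value comes from ?search= and is intentionally not sanitized`. Confirm the template actually emits it unescaped (Jinja autoescapes .html templates unless `|safe` or `Markup` is used), since the render call is not visible here.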
@@ -173,3 +173,4 @@ SOFTWARE.
 ---
 **Disclaimer**: This application is intentionally insecure and should only be used in a controlled environment for educational purposes.
+

From a27e8fab65213de6317a191866704a674a0620a6 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:08:47 +0530
Subject: [PATCH 07/13] Update routes.py

---
 routes.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/routes.py b/routes.py
index a783e8d..d5f5638 100644
--- a/routes.py
+++ b/routes.py
@@ -237,4 +237,3 @@ def create_ticket():
 @app.route('/admin/tickets')
 def view_tickets():
 return render_template('admin_tickets.html', tickets=tickets)
-

From 605d62b6cb2472b2d19aa067f78d12279b619bcd Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:11:58 +0530
Subject: [PATCH 08/13] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index deda055..b45c33b 100644
--- a/README.md
+++ b/README.md
@@ -173,4 +173,4 @@ SOFTWARE.
 ---
 **Disclaimer**: This application is intentionally insecure and should only be used in a controlled environment for educational purposes.
-
+Helloi

From 44c15e758607d784276c1f0113e8653ef98a4392 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:15:09 +0530
Subject: [PATCH 09/13] Update README.md

---
 README.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/README.md b/README.md
index b45c33b..795b561 100644
--- a/README.md
+++ b/README.md
@@ -173,4 +173,3 @@ SOFTWARE.
 ---
 **Disclaimer**: This application is intentionally insecure and should only be used in a controlled environment for educational purposes.
-Helloi

From 8e996f0b8083f0fdef554457f7b4cfe51d0b20df Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:16:16 +0530
Subject: [PATCH 10/13] Update routes.py

---
 routes.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/routes.py b/routes.py
index d5f5638..a783e8d 100644
--- a/routes.py
+++ b/routes.py
@@ -237,3 +237,4 @@ def create_ticket():
 @app.route('/admin/tickets')
 def view_tickets():
 return render_template('admin_tickets.html', tickets=tickets)
+

From 2a8b2bd186f25bf60eb280f3e35c81b978072203 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:43:23 +0530
Subject: [PATCH 11/13] Update routes.py

---
 routes.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/routes.py b/routes.py
index a783e8d..d5f5638 100644
--- a/routes.py
+++ b/routes.py
@@ -237,4 +237,3 @@ def create_ticket():
 @app.route('/admin/tickets')
 def view_tickets():
 return render_template('admin_tickets.html', tickets=tickets)
-

From 84d63a663c8affe57a6ec3f56fecffd5202a0525 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:44:48 +0530
Subject: [PATCH 12/13] Update routes.py

---
 routes.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/routes.py b/routes.py
index d5f5638..607d679 100644
--- a/routes.py
+++ b/routes.py
@@ -237,3 +237,5 @@ def create_ticket():
 @app.route('/admin/tickets')
 def view_tickets():
 return render_template('admin_tickets.html', tickets=tickets)
+
+

From 806664ab51f5dbcac248a6dd46f516fa6f6268e5 Mon Sep 17 00:00:00 2001
From: Souradip Ghosh
Date: Fri, 22 Aug 2025 12:48:16 +0530
Subject: [PATCH 13/13] Update routes.py

---
 routes.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/routes.py b/routes.py
index 607d679..d5f5638 100644
--- a/routes.py
+++ b/routes.py
@@ -237,5 +237,3 @@ def create_ticket():
 @app.route('/admin/tickets')
 def view_tickets():
 return render_template('admin_tickets.html', tickets=tickets)
-
-