Change the "dangerous" payload for flask mysql

bitterpanda63 · bitterpanda63 · commit 5cba5ec9050c · 2025-03-10T09:29:48.000+01:00
diff --git a/end2end/flask_mysql.py b/end2end/flask_mysql.py
@@ -6,7 +6,7 @@
 flask_mysql_app.add_payload(
     "sql", test_event=events["flask_mysql_attack_sql"],
     safe_request=Request("/create", body={"dog_name": "Bobby"}, data_type="form"),
-    unsafe_request=Request("/create", body={"dog_name": "Bobby"}, data_type="form")
+    unsafe_request=Request("/create", body={"dog_name": "Dangerous bobby\", 1); -- "}, data_type="form")
 )
 flask_mysql_app.add_payload(
     "shell", test_event=events["flask_mysql_attack_shell"],

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`flask_mysql_app.add_payload(`
`7`	`7`	`"sql", test_event=events["flask_mysql_attack_sql"],`
`8`	`8`	`safe_request=Request("/create", body={"dog_name": "Bobby"}, data_type="form"),`
`9`		`- unsafe_request=Request("/create", body={"dog_name": "Bobby"}, data_type="form")`
	`9`	`+ unsafe_request=Request("/create", body={"dog_name": "Dangerous bobby\", 1); -- "}, data_type="form")`
`10`	`10`	`)`
`11`	`11`	`flask_mysql_app.add_payload(`
`12`	`12`	`"shell", test_event=events["flask_mysql_attack_shell"],`