diff --git a/main.py b/main.py
index 468f8c0..4a9f098 100644
--- a/main.py
+++ b/main.py
@@ -1,5 +1,6 @@
 import requests
 import subprocess
+import shlex
 def func_calls():
 formats.get_format()
@@ -13,14 +14,14 @@ def func_calls():
 'http': 'http://test:pass@localhost:8080',
 'https': 'http://test:pass@localhost:8090',
 }
- url = 'http://example.com' # Replace with a valid URL
+ url = 'https://example.com' # Replace with a valid URL
 req = requests.Request('GET', url)
 prep = req.prepare()
 session.rebuild_proxies(prep, proxies)
- # Introduce a command injection vulnerability
+ # Fix command injection vulnerability
 user_input = input("Enter a command to execute: ")
- command = "ping " + user_input
- subprocess.call(command, shell=True)
+ command = ["ping"] + shlex.split(user_input)
+ subprocess.Popen(command, shell=False)
- print("Command executed!")
\ No newline at end of file
+ print("Command executed!")
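Review bot: The new `subprocess.Popen(command, shell=False)` line in the second hunk never waits on or checks the child, so `print("Command executed!")` runs before ping has done anything and the Popen object is dropped unjoined, whereas the replaced `subprocess.call` at least blocked; `subprocess.run(command, check=False)` keeps the list-form call and restores that behaviour. `shlex.split(user_input)` also still forwards every token from the prompt to ping as an argument, so options typed by the user reach the binary unchanged, and an unbalanced quote makes `shlex.split` raise an uncaught ValueError. A narrower fix accepts one host token and rejects anything else, e.g. `host = user_input.strip()`, then `if not host or host.startswith('-') or any(c.isspace() for c in host): raise ValueError("expected a single hostname or address")`, then `subprocess.run(["ping", host], check=False)`. The `# Fix command injection vulnerability` comment describes the patch rather than the code; a comment such as `# Run ping with an argument list so the shell never parses user input` would still be accurate after this change. func_calls begins and ends outside this hunk.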