Issue
I'm creating a website for ethical hackers where they can search a database of Collections 1-5' data breach. I'm Making this application use URL parameters, to make the application simple I just leave the parameters I'm not using blank ex. username=&password=pass
but my issue is that sometimes (because it was working before this) returns a random value I can't figure out.
For example, let's say the variable is called var1
, I make an If statement-making sure that's it's not null so I do
if var1 != "":
pass
But there's some weird value going through and the if statement is still running.
What I've tried:
I've tried adding multiple values to the if-statement that could also be blank like,
var1 != "" or var1 != None or var1 != " "
This is the exact URL I use with postman and it throws a 500 500 INTERNAL SERVER ERROR
http://localhost:6969/search/shordan?ip=&port=&domain=&formated_domain=&asn=&isp=&orginization=&tag=&product=&city=i&country=u&email=&tel=
Note I only added the extra or !=
statements to the first if loop for testing which didn't work
And these are my if statements
if ip != "" or ip != None or ip != " ":
IP = f"ip LIKE '%{ip}%' "
andCounter += 1
hasIP = True
else:
IP = ""
if port != "" or port != None:
Port = f"Port LIKE '%{port}%' "
andCounter += 1
hasPort = True
else:
Port = ""
if domain != "" or domain != None:
Domain = f"Domain LIKE '%{domain}%' "
andCounter += 1
hasDomain = True
else:
Domain = ""
if formatedDomain != "" or formatedDomain != None:
FormatedDomain = f"'FORMATED DOMAIN' LIKE '%{formatedDomain}%' "
andCounter += 1
hasFormatedDomain = True
else:
formatedDomain = ""
if asn != "" or asn != None:
print("asn: " + asn)
Asn = f"asn LIKE '%{asn}%' "
andCounter += 1
hasAsn = True
else:
Asn = ""
if isp != "" or isp != None:
ISP = f"ISP LIKE '%{isp}%' "
andCounter += 1
hasISP = True
else:
ISP = ""
if orginization != "" or orginization != None:
Orginization = f"ORGANIZATION LIKE '%{orginization}%' "
andCounter += 1
hasOrginization = True
else:
Orginization = ""
if tag != "" or tag != None:
Tag = f"tags LIKE '%{tag}%' "
andCounter += 1
hasTag = True
else:
Tag = ""
if product != "" or product != None:
print("product: " + product)
Product = f"product LIKE '%{product}%' "
andCounter += 1
hasProduct = True
else:
Product = ""
if city != "" or city != None:
print("city: " + city)
City = f"city LIKE '%{city}%' "
andCounter += 1
hasCity = True
else:
City = ""
if country != "" or country != None:
Country = f"country LIKE '%{country}%' "
andCounter += 1
hasCountry = True
else:
Country = ""
if email != "" or email != None:
Email = f"email LIKE '%{email}%' "
andCounter += 1
hasEmail = True
else:
Email = ""
if tel != "" or tel != None:
Tel = f"tel LIKE '%{tel}%' "
andCounter += 1
hasTel = True
else:
Tel = ""
If it helps I made the if statement make a variable True
if the if statement runs then i printed that and these are the results
Has IP: True
has Port: True
Has Domain: True
Has Formated Domain: True
hasASN: False
hasISP: True
hasOrginization: True
hasTag: True
hasProduct: True
hasCity: True
hasCountry: True
hasEmail: True
hasTel: True
Solution
I tried to do verify if the param is none by:
@app.route("/test",methods=["GET"])
def test():
emptyvalues = ["", "''", " ", "' '", None, '""', '" "']
data = request.args
if "ip" in data and data["ip"] not in emptyvalues:
hasIP = True
else:
hasIP = False
if "port" in data and data["port"] not in emptyvalues:
hasPort = True
else:
hasPort = False
print(hasIP, hasPort)
print(data)
return 'hello'
I used
/test?ip=123&port=&domain=&formated_domain=&asn=&isp=&orginization=&tag=&product=&city=i&country=u&email=&tel=
Which results to
True
False
ImmutableMultiDict([('ip', '123'), ('port', ''), ('domain', ''), ('formated_domain', ''), ('asn', ''), ('isp', ''), ('orginization', ''), ('tag', ''), ('product', ''), ('city', 'i'), ('country', 'u'), ('email', ''), ('tel', '')])
Your code uses "or" instead of "and" that's why the invalid input are passing out as True
Answered By - Winmari Manzano
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.