I need to return the file data while running the URL to the browser using Python. Here is my code:

```python
def createfile(request):
    if request.method == 'GET' and 'q' in request.GET:
        param = request.GET['param']
        if param is not None and param != '':
            execfile(param)
```

When the user opens http://127.0.0.1:8000/createfile/?param=/opt/lampp/htdocs/Nuclear_reactor/d25/nuclear_vulnerable/hello.py in the browser, the content of the hello.py file should be returned to the browser.

halfer
satya
  • Is that a path on the server or on the client computer? Allowing arbitrary code execution like that looks like a great big security mistake. – Håken Lid Jul 13 '17 at 11:05
  • File path is from project folder and I also need to fetch remote files. – satya Jul 13 '17 at 11:06
  • Your function doesn't have a return value. Do you want to return the content of `param` or the result of executing that script? I would avoid using `execfile` for security reasons. – Håken Lid Jul 13 '17 at 11:15
  • I need to return the file contents only. – satya Jul 13 '17 at 11:16
  • Why don't you need django? If you are using apache, you can conveniently serve files directly. – Håken Lid Jul 13 '17 at 11:18
  • Can you share your answer based on my example? – satya Jul 13 '17 at 11:19
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/149113/discussion-between-satya-and-haken-lid). – satya Jul 13 '17 at 11:20
  • Possible duplicate of [Having Django serve downloadable files](https://stackoverflow.com/questions/1156246/having-django-serve-downloadable-files) – Håken Lid Jul 13 '17 at 11:20
  • Simplest solution is to return a `FileResponse` https://docs.djangoproject.com/en/1.10/ref/request-response/#fileresponse-objects – Håken Lid Jul 13 '17 at 11:21
  • Please let us know when your project is online so we can hack your server. Might be a lot of fun with such a security hole... – bruno desthuilliers Jul 13 '17 at 11:54
  • Actually I need to create the `Vulnerability` inside the code. – satya Jul 13 '17 at 12:03
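
What the comments recommend (no `execfile`, return the contents with `FileResponse`), shown as an added example that is not part of the original thread: it treats `param` as a name relative to one served directory and rejects anything that resolves outside it. It assumes Python 3 and Django; `SERVE_ROOT`, `resolve_served_path` and `demo` are hypothetical names, and the directory path is a placeholder.

```python
import tempfile
from pathlib import Path

try:
    from django.http import FileResponse, Http404
except ImportError:  # the path check below still runs without Django
    FileResponse = Http404 = None

# Assumed directory of files that may be served (hypothetical path).
SERVE_ROOT = Path("/srv/served_files")


def resolve_served_path(param, root=SERVE_ROOT):
    """Map the user-supplied name to a file under root, or raise ValueError."""
    if not param or "\x00" in param:
        raise ValueError("empty or malformed file name")
    root = Path(root).resolve()
    # resolve() collapses ".." and follows symlinks before the containment check.
    candidate = (root / param).resolve()
    if root not in candidate.parents or not candidate.is_file():
        raise ValueError("not a file inside the served directory")
    return candidate


def createfile(request):
    """Send the file's bytes to the browser; nothing is executed."""
    try:
        path = resolve_served_path(request.GET.get("param", ""))
    except ValueError:
        raise Http404("file not found")
    return FileResponse(open(path, "rb"), content_type="text/plain")


def demo():
    """Constructed inputs: one legitimate name and two escape attempts."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "hello.py").write_text("print('hello')\n")
        results = {}
        for param in ("hello.py", "../../etc/passwd", "/etc/passwd"):
            try:
                results[param] = resolve_served_path(param, tmp).name
            except ValueError:
                results[param] = "rejected"
        return results
```

Because the containment check runs on the resolved path, a symlink placed inside the served directory that points elsewhere is rejected as well.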
