diff --git a/Command Injection/tainted.py b/Command Injection/tainted.py
new file mode 100644
index 0000000..2177381
--- /dev/null
+++ b/Command Injection/tainted.py
@@ -0,0 +1,14 @@
+import os
+from flask import Flask, request
+app = Flask(__name__)
+
+# curl -X GET "http://localhost:5000/tainted7/touch%20HELLO"
+@app.route("/tainted7/")
+def test_sources_7(something):
+
+ os.system(request.remote_addr)
+
+ return "foo"
+
+if __name__ == "__main__":
+ app.run(debug=True)
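Review bot: The curl example above `test_sources_7` does not match the code under it: the route is `/tainted7/` with no `<something>` variable (possibly lost when the page was rendered, so check the file itself), and the value reaching `os.system` is `request.remote_addr`, not the path segment. As written, a request to `/tainted7/touch%20HELLO` would get a 404, and a request to `/tainted7/` would raise a TypeError because Flask passes no `something` argument to the view. The file looks like a deliberately tainted fixture for a command-injection rule, so I would say that at the top, e.g. `# Intentionally vulnerable analyzer fixture: source request.remote_addr -> sink os.system. Do not deploy.`, and restore the route as `@app.route("/tainted7/<something>")`. `app.run(debug=True)` also turns on the Werkzeug debugger, so anything started outside a local sandbox should use `app.run(debug=False)`.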