moth/puzzles/webapp/80/8.cgi

151 lines
3.5 KiB
Plaintext
Raw Normal View History

2009-10-14 14:16:09 -06:00
#!/usr/bin/python
import os
import cgi
import cgitb
import sqlite3
cgitb.enable(context=10)
if os.environ.has_key('QUERY_STRING'):
os.environ['QUERY_STRING'] = ''
fields = cgi.FieldStorage()
q = None
if fields.has_key('q'):
q = fields['q'].value
if q is not None:
print 'Content-Type: text/html\n'
try:
db = sqlite3.connect(',zomg.sqlite3')
cur = db.cursor()
cur.execute(q)
results = cur.fetchall()
print '<table>'
for r in results:
print '<tr>'
for thing in r:
print '<td>%s</td>' % thing
print '</tr>'
print '</table>'
except Exception:
2009-10-15 09:48:09 -06:00
print '<p class="error">Invalid query: %s</p>' % q
2009-10-14 14:16:09 -06:00
else:
print 'Content-Type: text/html\n'
print ''
print '''
<html>
<head>
<title>8</title>
<link rel="stylesheet" type="text/css" href=",ctf.css" media="all" />
<script type="text/javascript">
function buildQuery(table_name, result_limit) {
var q = "SELECT * FROM " + table_name + " LIMIT " + result_limit;
return q;
}
function getXHRObject() {
var xhr = null;
try {
xhr = new XMLHttpRequest();
}
catch (ex) {
try {
xhr = new ActiveXObject("msxml2.XMLHTTP");
}
catch (ex) {
alert("Browser does not support AJAX!")
return null;
}
}
return xhr;
}
function sendXHRPost(xhr, url, params) {
xhr.open("POST", url, true);
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("Content-length", params.length);
xhr.setRequestHeader("Connection", "close");
xhr.send(params)
}
function doQuery(q) {
var xhr = getXHRObject();
if (xhr != null) {
var url = "8.cgi";
var params = "q=" + q;
xhr.onreadystatechange = function() {
if (xhr.readyState == 4) {
var response = xhr.responseText;
var d = document.getElementById("results");
d.innerHTML = response;
}
}
sendXHRPost(xhr, url, params);
}
}
function submitForm() {
var f = document.getElementById("the_form");
var table_name = f.tname.value;
var result_limit = f.rlimit.value;
var q = buildQuery(table_name, result_limit);
doQuery(q);
return false;
}
</script>
</head>
<body>
<div id="wrapper">
<div id="content">
<h1>Web Application Challenge 8</h1>
<p>Through some manipulation or interpretation of this CGI script
and the HTML page(s) that it generates, a 10 character key can be
found.</p>
<p><strong>Find the key!</strong></p>
<div class="vertsep"></div>
<h2>Database Query Wizard</h2>
<p>Use the form below to retrieve data from the database. Select the
type of data that you would like to view and the number of database
entries to retrieve and then click on the &quot;Query&quot; button.</p>
<form id="the_form" action="" method="POST" onsubmit="return submitForm()">
<br />
Topic: <select name="tname">
<option value="jokes">Jokes</option>
<option value="pics">Pictures</option>
</select>
<br /><br />
# Results: <select name="rlimit">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
<br /><br />
<input type="submit" value="Query" />
</form>
<div id="results"></div>
</div>
<div id="footer">
<p>Copyright &copy; 2009 LANS, LLC.</p>
</div>
</div>
</body>
</html>
'''