2009-10-14 14:16:09 -06:00
|
|
|
#!/usr/bin/python
|
|
|
|
|
|
|
|
import os
|
|
|
|
import cgi
|
|
|
|
import cgitb
|
|
|
|
import sqlite3
|
|
|
|
cgitb.enable(context=10)
|
|
|
|
|
|
|
|
if os.environ.has_key('QUERY_STRING'):
|
|
|
|
os.environ['QUERY_STRING'] = ''
|
|
|
|
|
|
|
|
fields = cgi.FieldStorage()
|
|
|
|
|
|
|
|
q = None
|
|
|
|
if fields.has_key('q'):
|
|
|
|
q = fields['q'].value
|
|
|
|
|
|
|
|
if q is not None:
|
|
|
|
print 'Content-Type: text/html\n'
|
|
|
|
try:
|
|
|
|
db = sqlite3.connect(',zomg.sqlite3')
|
|
|
|
cur = db.cursor()
|
|
|
|
cur.execute(q)
|
|
|
|
results = cur.fetchall()
|
|
|
|
|
|
|
|
print '<table>'
|
|
|
|
for r in results:
|
|
|
|
print '<tr>'
|
|
|
|
for thing in r:
|
|
|
|
print '<td>%s</td>' % thing
|
|
|
|
print '</tr>'
|
|
|
|
print '</table>'
|
|
|
|
|
|
|
|
except Exception:
|
2009-10-15 09:48:09 -06:00
|
|
|
print '<p class="error">Invalid query: %s</p>' % q
|
2009-10-14 14:16:09 -06:00
|
|
|
|
|
|
|
else:
|
|
|
|
print 'Content-Type: text/html\n'
|
|
|
|
print ''
|
|
|
|
|
|
|
|
print '''
|
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<title>8</title>
|
|
|
|
<link rel="stylesheet" type="text/css" href=",ctf.css" media="all" />
|
|
|
|
<script type="text/javascript">
|
|
|
|
|
|
|
|
function buildQuery(table_name, result_limit) {
|
|
|
|
var q = "SELECT * FROM " + table_name + " LIMIT " + result_limit;
|
|
|
|
return q;
|
|
|
|
}
|
|
|
|
|
|
|
|
function getXHRObject() {
|
|
|
|
var xhr = null;
|
|
|
|
try {
|
|
|
|
xhr = new XMLHttpRequest();
|
|
|
|
}
|
|
|
|
catch (ex) {
|
|
|
|
try {
|
|
|
|
xhr = new ActiveXObject("msxml2.XMLHTTP");
|
|
|
|
}
|
|
|
|
catch (ex) {
|
|
|
|
alert("Browser does not support AJAX!")
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return xhr;
|
|
|
|
}
|
|
|
|
|
|
|
|
function sendXHRPost(xhr, url, params) {
|
|
|
|
xhr.open("POST", url, true);
|
|
|
|
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
|
|
|
xhr.setRequestHeader("Content-length", params.length);
|
|
|
|
xhr.setRequestHeader("Connection", "close");
|
|
|
|
xhr.send(params)
|
|
|
|
}
|
|
|
|
|
|
|
|
function doQuery(q) {
|
|
|
|
var xhr = getXHRObject();
|
|
|
|
if (xhr != null) {
|
|
|
|
var url = "8.cgi";
|
|
|
|
var params = "q=" + q;
|
|
|
|
xhr.onreadystatechange = function() {
|
|
|
|
if (xhr.readyState == 4) {
|
|
|
|
var response = xhr.responseText;
|
|
|
|
var d = document.getElementById("results");
|
|
|
|
d.innerHTML = response;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sendXHRPost(xhr, url, params);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function submitForm() {
|
|
|
|
var f = document.getElementById("the_form");
|
|
|
|
var table_name = f.tname.value;
|
|
|
|
var result_limit = f.rlimit.value;
|
|
|
|
|
|
|
|
var q = buildQuery(table_name, result_limit);
|
|
|
|
|
|
|
|
doQuery(q);
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
</script>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<div id="wrapper">
|
|
|
|
<div id="content">
|
|
|
|
<h1>Web Application Challenge 8</h1>
|
|
|
|
<p>Through some manipulation or interpretation of this CGI script
|
|
|
|
and the HTML page(s) that it generates, a 10 character key can be
|
|
|
|
found.</p>
|
|
|
|
<p><strong>Find the key!</strong></p>
|
|
|
|
|
|
|
|
<div class="vertsep"></div>
|
|
|
|
<h2>Database Query Wizard</h2>
|
|
|
|
<p>Use the form below to retrieve data from the database. Select the
|
|
|
|
type of data that you would like to view and the number of database
|
|
|
|
entries to retrieve and then click on the "Query" button.</p>
|
|
|
|
|
|
|
|
<form id="the_form" action="" method="POST" onsubmit="return submitForm()">
|
|
|
|
<br />
|
|
|
|
Topic: <select name="tname">
|
|
|
|
<option value="jokes">Jokes</option>
|
|
|
|
<option value="pics">Pictures</option>
|
|
|
|
</select>
|
|
|
|
<br /><br />
|
|
|
|
# Results: <select name="rlimit">
|
|
|
|
<option value="1">1</option>
|
|
|
|
<option value="2">2</option>
|
|
|
|
<option value="3">3</option>
|
|
|
|
<option value="4">4</option>
|
|
|
|
<option value="5">5</option>
|
|
|
|
</select>
|
|
|
|
<br /><br />
|
|
|
|
<input type="submit" value="Query" />
|
|
|
|
</form>
|
|
|
|
|
|
|
|
<div id="results"></div>
|
|
|
|
</div>
|
|
|
|
<div id="footer">
|
|
|
|
<p>Copyright © 2009 LANS, LLC.</p>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
|
|
'''
|
|
|
|
|