neale/moth
neale
/
moth
mirror of https://github.com/dirtbags/moth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

50pt webapp puzzle

This commit is contained in:
Curt Hash 2009-10-13 14:03:35 -06:00
parent 518bb2988d
commit 474bbf83fd
6 changed files with 104 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
puzzles/webapp/10/,ctf.css
View File

@ -52,3 +52,11 @@ h1,h2,h3,h4 {
margin: 2em auto 2em auto; margin: 2em auto 2em auto;
border-bottom: 1px dotted #222; border-bottom: 1px dotted #222;
} }
.error {
padding: 1em;
background: #fff;
color: red;
border: 1px solid red;
font-weight: bold;
}

1
puzzles/webapp/50/,binary,png Symbolic link
View File

@ -0,0 +1 @@
../10/,binary.png

1
puzzles/webapp/50/,ctf.css Symbolic link
View File

@ -0,0 +1 @@
../10/,ctf.css

89
puzzles/webapp/50/5.cgi Executable file
View File

@ -0,0 +1,89 @@
#!/usr/bin/python
import os
import cgi
import cgitb
cgitb.enable(context=10)
if os.environ.has_key('QUERY_STRING'):
os.environ['QUERY_STRING'] = ''
fields = cgi.FieldStorage()
print 'Content-Type: text/html'
print ''
print '''
<html>
<head>
<title>5</title>
<link rel="stylesheet" type="text/css" href=",ctf.css" media="all" />
</head>
<body>
<div id="wrapper">
<div id="content">
<h1>Web Application Challenge 5</h1>
<p>Through some manipulation or interpretation of this CGI script
and the HTML page(s) that it generates, a 10 character key can be
found.</p>
<p><strong>Find the key!</strong></p>
<div class="vertsep"></div>
'''
PRODUCT_NAME = "Alex Brugh"
QUANT_LIMIT = 1
def purchase_success(quantity):
print '''
<p>Congratulations, your order for %d "%s" has been placed.</p>
''' % (quantity, PRODUCT_NAME)
class InvalidQuantityError(Exception):
def __init__(self, value):
self.value = value
def __str__(self):
return repr(self.value)
quantity = None
if fields.has_key('quantity') and fields.has_key('product') and fields['product'].value == PRODUCT_NAME:
product = fields['product'].value
try:
quantity = int(fields['quantity'].value)
if quantity > QUANT_LIMIT:
# key = eVkIwHzOok
raise InvalidQuantityError("%d is not a valid quantity (limit %d)" % (quantity, QUANT_LIMIT))
except ValueError:
print '''
<p class="error">There was an error with your order request. Sorry.</p>
'''
quantity = None
if quantity is not None:
purchase_success(quantity)
else:
print '''
<h2>SALE: %s</h2>
<p>Use the order form below to place an order.</p>
<form method="post" action="5.cgi">
<em>Orders for "%s" are limited to 1 per customer.</em>
<br /><br />
<input type="submit" value="Order!" />
<input type="hidden" name="product" value="%s" />
<input type="hidden" name="quantity" value="1" />
</form>
''' % (PRODUCT_NAME, PRODUCT_NAME, PRODUCT_NAME)
print '''
</div>
<div id="footer">
<p>Copyright &copy; 2009 LANS, LLC.</p>
</div>
</div>
</body>
</html>
'''

2
puzzles/webapp/50/key Normal file
View File

@ -0,0 +1,2 @@
eVkIwHzOok

4
puzzles/webapp/summary.txt
View File

@ -5,4 +5,6 @@
resulting traceback. resulting traceback.
40: change the value in the POST request to a non-integer. the key is in the 40: change the value in the POST request to a non-integer. the key is in the
resulting traceback. resulting traceback.
50: change the quantity value (hidden form field) to something greater than the
stated quantity limit. the key is in the resulting traceback. entering non-
integers is caught and handled, so that no longer works.