50pt webapp puzzle

puzzles/webapp/10/,ctf.css

@@ -52,3 +52,11 @@ h1,h2,h3,h4 {
 	margin: 2em auto 2em auto;
 	border-bottom: 1px dotted #222;
 }
+
+.error {
+	padding: 1em;
+	background: #fff;
+	color: red;
+	border: 1px solid red;
+	font-weight: bold;
+}

puzzles/webapp/50/,binary,png

@@ -0,0 +1 @@
+../10/,binary.png

puzzles/webapp/50/,ctf.css

@@ -0,0 +1 @@
+../10/,ctf.css

puzzles/webapp/50/5.cgi

@@ -0,0 +1,89 @@
+#!/usr/bin/python
+
+import os
+import cgi
+import cgitb
+cgitb.enable(context=10)
+
+if os.environ.has_key('QUERY_STRING'):
+	os.environ['QUERY_STRING'] = ''
+
+fields = cgi.FieldStorage()
+
+print 'Content-Type: text/html'
+print ''
+
+print '''
+<html>
+	<head>
+		<title>5</title>
+		<link rel="stylesheet" type="text/css" href=",ctf.css" media="all" />
+	</head>
+	<body>
+		<div id="wrapper">
+			<div id="content">
+				<h1>Web Application Challenge 5</h1>
+				<p>Through some manipulation or interpretation of this CGI script 
+				and the HTML page(s) that it generates, a 10 character key can be 
+				found.</p>
+				<p><strong>Find the key!</strong></p>
+
+				<div class="vertsep"></div>
+'''
+
+PRODUCT_NAME = "Alex Brugh"
+QUANT_LIMIT = 1
+
+def purchase_success(quantity):
+	print '''
+				<p>Congratulations, your order for %d "%s" has been placed.</p>
+	''' % (quantity, PRODUCT_NAME)
+
+class InvalidQuantityError(Exception):
+	def __init__(self, value):
+		self.value = value
+	def __str__(self):
+		return repr(self.value)
+
+quantity = None
+if fields.has_key('quantity') and fields.has_key('product') and fields['product'].value == PRODUCT_NAME:
+	product = fields['product'].value
+	try:
+		quantity = int(fields['quantity'].value)
+		if quantity > QUANT_LIMIT:
+			# key = eVkIwHzOok 
+			raise InvalidQuantityError("%d is not a valid quantity (limit %d)" % (quantity, QUANT_LIMIT))
+	except ValueError:
+		print '''
+				<p class="error">There was an error with your order request. Sorry.</p>
+		'''
+		quantity = None
+	
+if quantity is not None:
+	purchase_success(quantity)
+else:
+	print '''
+
+				<h2>SALE: %s</h2>
+				<p>Use the order form below to place an order.</p>
+
+				<form method="post" action="5.cgi">
+					<em>Orders for "%s" are limited to 1 per customer.</em>
+					<br /><br />
+					<input type="submit" value="Order!" />
+					<input type="hidden" name="product" value="%s" />
+					<input type="hidden" name="quantity" value="1" />
+				</form>
+	''' % (PRODUCT_NAME, PRODUCT_NAME, PRODUCT_NAME)
+
+print '''
+
+			</div>
+			<div id="footer">
+				<p>Copyright &copy; 2009 LANS, LLC.</p>
+			</div>
+		</div>
+	</body>
+</html>
+'''
+

puzzles/webapp/50/key

@@ -0,0 +1,2 @@
+eVkIwHzOok
+

puzzles/webapp/summary.txt

@@ -5,4 +5,6 @@
 		resulting traceback.
 40:		change the value in the POST request to a non-integer. the key is in the
 		resulting traceback.
-
+50:		change the quantity value (hidden form field) to something greater than the
+		stated quantity limit. the key is in the resulting traceback. entering non-
+		integers is caught and handled, so that no longer works.