From bc20a764875b244c312c36d2bdfbb25360d0d23a Mon Sep 17 00:00:00 2001
From: Curt Hash
Date: Tue, 13 Oct 2009 15:00:04 -0600
Subject: [PATCH] 60pt webapp puzzle
---
 puzzles/webapp/50/key | 1 -
 puzzles/webapp/60/,binary.png | 1 +
 puzzles/webapp/60/,ctf.css | 1 +
 puzzles/webapp/60/6.cgi | 72 +++++++++++++++++++++++++++++++++++
 puzzles/webapp/60/key | 1 +
 puzzles/webapp/summary.txt | 2 +
 6 files changed, 77 insertions(+), 1 deletion(-)
 create mode 120000 puzzles/webapp/60/,binary.png
 create mode 120000 puzzles/webapp/60/,ctf.css
 create mode 100755 puzzles/webapp/60/6.cgi
 create mode 100644 puzzles/webapp/60/key
diff --git a/puzzles/webapp/50/key b/puzzles/webapp/50/key
index 9c65921..042dd52 100644
--- a/puzzles/webapp/50/key
+++ b/puzzles/webapp/50/key
@@ -1,2 +1 @@
 eVkIwHzOok
-
diff --git a/puzzles/webapp/60/,binary.png b/puzzles/webapp/60/,binary.png
new file mode 120000
index 0000000..36053bd
--- /dev/null
+++ b/puzzles/webapp/60/,binary.png
@@ -0,0 +1 @@
+../10/,binary.png
\ No newline at end of file
diff --git a/puzzles/webapp/60/,ctf.css b/puzzles/webapp/60/,ctf.css
new file mode 120000
index 0000000..19b2533
--- /dev/null
+++ b/puzzles/webapp/60/,ctf.css
@@ -0,0 +1 @@
+../10/,ctf.css
\ No newline at end of file
diff --git a/puzzles/webapp/60/6.cgi b/puzzles/webapp/60/6.cgi
new file mode 100755
index 0000000..75e192b
--- /dev/null
+++ b/puzzles/webapp/60/6.cgi
@@ -0,0 +1,72 @@
+#!/usr/bin/python
+
+import os
+import cgi
+import cgitb
+cgitb.enable(context=10)
+
+#if os.environ.has_key('QUERY_STRING'):
+# os.environ['QUERY_STRING'] = ''
+
+fields = cgi.FieldStorage()
+
+import Cookie
+c = Cookie.SimpleCookie()
+c['key'] = 'QJebByJaKX'
+c['content'] = '

Maybe I should have used sessions...

' + +print 'Content-Type: text/html\n%s\n\n\n' % c +print '' + +print ''' + + + 6 + + + + +
+
+

Web Application Challenge 6

+

Through some manipulation or interpretation of this CGI script + and the HTML page(s) that it generates, a 10 character key can be + found.

+

Find the key!

+ +
+
+''' + +print ''' +
+ +
+ + +''' + diff --git a/puzzles/webapp/60/key b/puzzles/webapp/60/key new file mode 100644 index 0000000..f235990 --- /dev/null +++ b/puzzles/webapp/60/key @@ -0,0 +1 @@ +QJebByJaKX diff --git a/puzzles/webapp/summary.txt b/puzzles/webapp/summary.txt index c2868e0..c59df78 100644 --- a/puzzles/webapp/summary.txt +++ b/puzzles/webapp/summary.txt @@ -8,3 +8,5 @@ 50: change the quantity value (hidden form field) to something greater than the stated quantity limit. the key is in the resulting traceback. entering non- integers is caught and handled, so that no longer works. +60: the key is in the cookie. note the javascript that reads a value from the + cookie, hopefully causing the player to take a look at the cookie.
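Review bot: In puzzles/webapp/60/6.cgi the key is hard-coded as `c['key'] = 'QJebByJaKX'` while the same value is committed separately in puzzles/webapp/60/key, so the two copies can drift apart if the key is ever rotated; a single source of truth (the script reading the key file, or a build-time check that compares them) would prevent the puzzle from handing out a key the scorer rejects. Because sending the key to the client in a cookie is the intended weakness, the assignment deserves a comment so the pattern is not copied elsewhere, e.g. `# Intentionally insecure: the key is handed to the client in a cookie (puzzle 60, see summary.txt)`. Separately, `cgitb.enable(context=10)` writes tracebacks with ten lines of source context to the browser, and `fields = cgi.FieldStorage()` together with the commented-out QUERY_STRING block appears unused in the lines visible here (the HTML/JavaScript part of the hunk is not fully visible in this rendering); if none of these is part of the puzzle, they should be dropped.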