mirror of https://github.com/dirtbags/moth.git
60pt webapp puzzle
This commit is contained in:
Curt Hash
parent
474bbf83fd
commit
bc20a76487
|
|
@ -1,2 +1 @@
|
|||
eVkIwHzOok
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
../10/,binary.png
|
||||
|
|
@ -0,0 +1 @@
|
|||
../10/,ctf.css
|
||||
|
|
@ -0,0 +1,72 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import os
|
||||
import cgi
|
||||
import cgitb
|
||||
cgitb.enable(context=10)
|
||||
|
||||
#if os.environ.has_key('QUERY_STRING'):
|
||||
# os.environ['QUERY_STRING'] = ''
|
||||
|
||||
fields = cgi.FieldStorage()
|
||||
|
||||
import Cookie
|
||||
c = Cookie.SimpleCookie()
|
||||
c['key'] = 'QJebByJaKX'
|
||||
c['content'] = '<p><em>Maybe I should have used sessions...</em></p>'
|
||||
|
||||
print 'Content-Type: text/html\n%s\n\n\n' % c
|
||||
print ''
|
||||
|
||||
print '''
|
||||
<html>
|
||||
<head>
|
||||
<title>6</title>
|
||||
<link rel="stylesheet" type="text/css" href=",ctf.css" media="all" />
|
||||
<script type="text/javascript">
|
||||
function readCookie(key) {
|
||||
var s = key + '=';
|
||||
var toks = document.cookie.split(';');
|
||||
for (var i = 0; i < toks.length; i++) {
|
||||
var tok = toks[i];
|
||||
while (tok.charAt(0) == ' ') {
|
||||
tok = tok.substring(1, tok.length);
|
||||
}
|
||||
if (tok.indexOf(s) == 0) {
|
||||
return tok.substring(s.length, tok.length);
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
function setContent() {
|
||||
content = readCookie("content");
|
||||
document.getElementById("stuff").innerHTML = content.substring(1, content.length-1);
|
||||
}
|
||||
|
||||
window.onload = setContent;
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<div id="wrapper">
|
||||
<div id="content">
|
||||
<h1>Web Application Challenge 6</h1>
|
||||
<p>Through some manipulation or interpretation of this CGI script
|
||||
and the HTML page(s) that it generates, a 10 character key can be
|
||||
found.</p>
|
||||
<p><strong>Find the key!</strong></p>
|
||||
|
||||
<div class="vertsep"></div>
|
||||
<div id="stuff"></div>
|
||||
'''
|
||||
|
||||
print '''
|
||||
</div>
|
||||
<div id="footer">
|
||||
<p>Copyright © 2009 LANS, LLC.</p>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
'''
|
||||
|
||||
|
|
@ -0,0 +1 @@
|
|||
QJebByJaKX
|
||||
|
|
@ -8,3 +8,5 @@
|
|||
50: change the quantity value (hidden form field) to something greater than the
|
||||
stated quantity limit. the key is in the resulting traceback. entering non-
|
||||
integers is caught and handled, so that no longer works.
|
||||
60: the key is in the cookie. note the javascript that reads a value from the
|
||||
cookie, hopefully causing the player to take a look at the cookie.
|
||||
|
|
|
|||
Loading…
Reference in New Issue