#!/usr/bin/python import os import cgi import cgitb cgitb.enable(context=10) if os.environ.has_key('QUERY_STRING'): os.environ['QUERY_STRING'] = '' fields = cgi.FieldStorage() print 'Content-Type: text/html' print '' print ''' 5

Web Application Challenge 5

Through some manipulation or interpretation of this CGI script and the HTML page(s) that it generates, a 10 character key can be found.

Find the key!

''' PRODUCT_NAME = "Alex Brugh" QUANT_LIMIT = 1 def purchase_success(quantity): print '''

Congratulations, your order for %d "%s" has been placed.

''' % (quantity, PRODUCT_NAME) class InvalidQuantityError(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) quantity = None if fields.has_key('quantity') and fields.has_key('product') and fields['product'].value == PRODUCT_NAME: product = fields['product'].value try: quantity = int(fields['quantity'].value) if quantity > QUANT_LIMIT: # key = eVkIwHzOok raise InvalidQuantityError("%d is not a valid quantity (limit %d)" % (quantity, QUANT_LIMIT)) except ValueError: print '''

There was an error with your order request. Sorry.

''' quantity = None if quantity is not None: purchase_success(quantity) else: print '''

SALE: %s

Use the order form below to place an order.

Orders for "%s" are limited to 1 per customer.

''' % (PRODUCT_NAME, PRODUCT_NAME, PRODUCT_NAME) print '''
'''