#!/usr/bin/python import os import cgi import cgitb import sqlite3 cgitb.enable(context=10) if os.environ.has_key('QUERY_STRING'): os.environ['QUERY_STRING'] = '' fields = cgi.FieldStorage() q = None if fields.has_key('q'): q = fields['q'].value if q is not None: print 'Content-Type: text/html\n' try: db = sqlite3.connect(',zomg.sqlite3') cur = db.cursor() cur.execute(q) results = cur.fetchall() print '' for r in results: print '' for thing in r: print '' % thing print '' print '
%s
' except Exception: print '

Invalid query: %s

' % q else: print 'Content-Type: text/html\n' print '' print ''' 8

Web Application Challenge 8

Through some manipulation or interpretation of this CGI script and the HTML page(s) that it generates, a 10 character key can be found.

Find the key!

Database Query Wizard

Use the form below to retrieve data from the database. Select the type of data that you would like to view and the number of database entries to retrieve and then click on the "Query" button.


Topic:

# Results:

'''