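def scrap():
    """Fetch the URL posted by the logged-in user and store its HTML as a new Scrap.

    Reads ``url`` and ``title`` from the submitted form, downloads the page with
    the user-agent kept in the session, writes the body to ``scraps/<random name>``
    and records a ``Scrap`` row owned by ``session["id"]``. Every path ends in a
    redirect; problems are reported to the user through ``flash``.
    """
    # The only identity check is the signed session; whoever can mint a session
    # (e.g. with an exposed secret_key) can act as any id here.
    if "id" not in session:
        flash("You've not logged in")
        return redirect("/")

    url = request.form.get("url", "")
    title = request.form.get("title", "No title")
    if url == "":
        flash("Not a good url... hmm...")
        return redirect(url_for("index"))

    # Scheme-less input is treated as plain http.
    if not url.startswith(("http://", "https://")):
        url = "http://" + url

    # SECURITY NOTE(review): the target host is fully user-controlled, so this
    # is a server-side request to an arbitrary address (SSRF) - loopback,
    # link-local metadata endpoints and internal services are reachable unless
    # egress is restricted. Fetching arbitrary pages appears to be the feature,
    # so no allow-list is added here; deploy it behind network-level egress
    # controls or validate the resolved address before requesting.
    try:
        # Some websites refuse requests without a browser-like user-agent.
        # The timeout keeps an unresponsive host from pinning a worker
        # indefinitely (assumes `r` is the requests module - confirm).
        res = r.get(url, headers={"User-Agent": session["browser"]}, timeout=10)
    except Exception:
        # Any fetch failure (including a missing session["browser"]) is
        # reported as a bad URL, as before; the bare `except:` this replaces
        # also swallowed KeyboardInterrupt/SystemExit.
        flash("Not a good url... hmm...")
        return redirect(url_for("index"))

    # The file name is generated server-side, so the form cannot steer the path.
    fname = "scrap_" + random_string_generator(16)
    with open(f"scraps/{fname}", "w", encoding="utf-8") as f:
        f.write(res.text)

    new_scrap = Scrap(session["id"], fname, title)
    db_session.add(new_scrap)
    db_session.commit()
    flash("Your scrap is stored successfully")
    return redirect(url_for("index"))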
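def project(request, context, id):
    """Render ``project.html`` for one Project together with its scraps, newest first.

    Args:
        request: the incoming request (passed in by the URL dispatcher, not used).
        context: template context; ``project`` and ``scraps`` are added to it.
        id: the project key id captured from the URL, as a string or int.

    Returns:
        The rendered response, or ``HttpResponseNotFound`` when ``id`` is not
        an integer or no Project has that id.
    """
    try:
        key_id = int(id)
    except (TypeError, ValueError):
        # A non-numeric id previously raised out of the view as a server error.
        return HttpResponseNotFound("No such project")

    proj = Project.get_by_id(key_id)
    if proj is None:
        # Presumed App Engine semantics: get_by_id yields None for an unknown
        # key (confirm). Rendering with a None project was the old behaviour.
        return HttpResponseNotFound("No such project")

    context['project'] = proj
    # "-created" orders newest first; the query is left lazy for the template.
    context['scraps'] = Scrap.all().filter("project =", proj).order("-created")
    return render_to_response("project.html", context)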
def feed(request, nickname):
    """Serve the 50 most recent scraps of the user behind ``nickname`` as RSS.

    Args:
        request: the incoming request (not otherwise used).
        nickname: the nickname string captured from the URL.

    Returns:
        ``HttpResponseNotFound`` when no Nickname entity matches, otherwise
        ``feed.xml`` rendered with ``user`` and ``scraps`` under the
        ``application/rss+xml`` mimetype.
    """
    # NOTE(review): no authentication - any caller can read any user's scraps
    # through this feed. Presumably intended for a public RSS feed; confirm.
    nick = Nickname.all().filter("nickname =", nickname).get()
    if nick is None:
        return HttpResponseNotFound("No such user")

    owner = nick.user
    # Newest first, capped at 50 entries per feed.
    recent = Scrap.all().filter("creator =", owner).order("-created").fetch(50)
    payload = {'user': owner, 'scraps': recent}
    return render_to_response("feed.xml", payload, mimetype="application/rss+xml")
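# --- CTF seed data: two flags, each reachable through a distinct weakness ---
# The credentials and flags below are deliberately hard-coded for the
# challenge build. Secrets in source and known passwords are part of the
# exercise and must not be copied into a real deployment.
flag1 = "GoN{flask_default_session_is_weird_and_k33p_s3cr37_k3y_r3ally_s3cur3}"
flag2 = "GoN{I_hate_SQLi73_injec7i0n}"

# flag1 - flask session control due to leaked secret_key: the flag sits in a
# scrap owned by "admin", so (presumably) a session forged with that id can
# read it through the normal scrap viewer.
admin_id = "admin"
admin_pw = "super_admin"
admin = User(admin_id, generate_password_hash(admin_pw))
db_session.add(admin)

fname = "f1r57_fl4g"
# Written as an ordinary scrap file; utf-8 to match how scrap() writes them.
with open(f"scraps/{fname}", 'w', encoding='utf-8') as f:
    f.write(flag1)
flag_scrap1 = Scrap(admin_id, fname, "Here is a flag")
db_session.add(flag_scrap1)

# flag2 - sqlite injection due to poor ORM usage: the flag exists only in the
# database row (as the scrap's fname and title); there is no file on disk, so
# it has to be pulled out of the DB rather than guessed as a filename.
real_admin_id = "7h3_4dm1n"
real_admin_pw = "v3ry_s3cur3_qlalfqjsgh"
real_admin = User(real_admin_id, generate_password_hash(real_admin_pw))
db_session.add(real_admin)
flag_scrap = Scrap(real_admin_id, flag2, flag2)  # not stored in file
db_session.add(flag_scrap)

db_session.commit()
db_session.remove()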