コード例 #1
ファイル: app.py プロジェクト: metamon123/probs
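def scrap():
    """Fetch the URL posted by the logged-in user and store the page as a scrap.

    Requires ``"id"`` in ``session``. Reads ``url`` and ``title`` from the POST
    form, fetches the page server-side using the User-Agent remembered in
    ``session["browser"]``, writes the response body to ``scraps/<random name>``
    and records a ``Scrap`` row for the user.

    Returns:
        A redirect to the index page in every case; the outcome is reported
        through ``flash``.
    """
    if "id" not in session:
        flash("You've not logged in")
        return redirect("/")

    url = request.form.get("url", "")
    title = request.form.get("title", "No title")

    if url == "":
        flash("Not a good url... hmm...")
        return redirect(url_for("index"))

    # Bare hostnames are accepted by defaulting to plain http.
    if not url.startswith(("http://", "https://")):
        url = "http://" + url

    # NOTE(review): the destination is chosen entirely by the user and is not
    # restricted by scheme, host or address range, so this handler will fetch
    # whatever the user names on the server's behalf; restrict destinations if
    # that is not intended.
    try:
        # Some website needs normal user-agent.
        # The timeout bounds how long one request can hold a worker; it
        # assumes `r` is the requests module (r.get / res.text) — TODO confirm.
        res = r.get(url, headers={"User-Agent": session["browser"]}, timeout=10)
    except Exception:
        # Network errors, malformed URLs, timeouts and a missing
        # session["browser"] all land here. A bare `except:` would also have
        # swallowed SystemExit / KeyboardInterrupt.
        flash("Not a good url... hmm...")
        return redirect(url_for("index"))

    # download scrapped html source; `with` closes the file even if the write fails
    fname = "scrap_" + random_string_generator(16)
    with open(f"scraps/{fname}", "w", encoding="utf-8") as f:
        f.write(res.text)

    entry = Scrap(session["id"], fname, title)
    db_session.add(entry)
    db_session.commit()

    flash("Your scrap is stored successfully")
    return redirect(url_for("index"))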
コード例 #2
ファイル: views.py プロジェクト: bmander/proje
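def project(request, context, id):
    """Render the page for one project together with its scraps, newest first.

    Args:
        request: the incoming HTTP request (not used by the lookup itself).
        context: dict of template variables; ``project`` and ``scraps`` are added.
        id: the project's numeric id, as the string taken from the URL.

    Returns:
        The rendered ``project.html`` response, or a 404 response when ``id`` is
        not an integer or no project with that id exists.
    """
    try:
        proj = Project.get_by_id(int(id))
    except ValueError:
        # A non-numeric id in the URL used to escape from int() as a 500.
        return HttpResponseNotFound("No such project")
    if proj is None:
        # Same handling as the unknown-user case in feed(): the template was
        # previously rendered with project=None.
        return HttpResponseNotFound("No such project")
    context['project'] = proj

    scraps = Scrap.all().filter("project =", proj).order("-created")
    context['scraps'] = scraps

    return render_to_response("project.html", context)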
コード例 #3
ファイル: views.py プロジェクト: bmander/proje
def feed(request, nickname):
    """Serve the RSS feed of the 50 most recent scraps created by *nickname*.

    Args:
        request: the incoming HTTP request (not used by the lookup).
        nickname: the nickname string taken from the URL.

    Returns:
        A 404 response when the nickname is unknown; otherwise ``feed.xml``
        rendered with the owning user and their scraps, served as
        ``application/rss+xml``.
    """
    owner = Nickname.all().filter("nickname =", nickname).get()
    if owner is None:
        return HttpResponseNotFound("No such user")

    recent = (
        Scrap.all()
        .filter("creator =", owner.user)
        .order("-created")
        .fetch(50)
    )
    template_vars = {'user': owner.user, 'scraps': recent}
    return render_to_response("feed.xml", template_vars, mimetype="application/rss+xml")
コード例 #4
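# Seed data for the challenge database: two accounts and the two flag scraps.
# This script only creates records; the weaknesses it refers to live in the
# application code, not here.
flag1 = "GoN{flask_default_session_is_weird_and_k33p_s3cr37_k3y_r3ally_s3cur3}"
flag2 = "GoN{I_hate_SQLi73_injec7i0n}"

# flag1 - flask session control due to leaked secret_key

admin_id = "admin"
admin_pw = "super_admin"
admin = User(admin_id, generate_password_hash(admin_pw))
db_session.add(admin)

fname = "f1r57_fl4g"
# `with` closes the file even if the write fails; utf-8 matches the encoding
# the scrap() handler in app.py uses when it writes scrap files.
with open(f"scraps/{fname}", 'w', encoding='utf-8') as f:
    f.write(flag1)

flag_scrap1 = Scrap(admin_id, fname, "Here is a flag")
db_session.add(flag_scrap1)

# flag2 - sqlite injection due to poor ORM usage

real_admin_id = "7h3_4dm1n"
real_admin_pw = "v3ry_s3cur3_qlalfqjsgh"
real_admin = User(real_admin_id, generate_password_hash(real_admin_pw))
db_session.add(real_admin)

flag_scrap = Scrap(real_admin_id, flag2, flag2)  # not stored in file
db_session.add(flag_scrap)

try:
    db_session.commit()
finally:
    # Release the scoped session whether or not the commit succeeded.
    db_session.remove()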