def upload():
try:
comment = urlopen(request.form['url']).read(1024 * 1024)
open("/var/tmp/comments/%s.file" % hash(comment).encode("hex"),
"w").write(comment)
return comment
except:
return render_template_string(bad)
def comments():
try:
encoded = request.form['comment']
encoded.replace("\n", "\r")
ber = encoded.decode("hex")
except TypeError:
return render_template_string(bad)
f = "/var/tmp/comments/%s.txt" % hash(ber).encode("hex")
out_text = str(decode(ber))
open(f, "w").write(out_text)
if is_unsafe(out_text):
return render_template_string(unsafe)
commentt = comment % open(f).read()
return render_template_string(commentt,
comment=out_text.replace("\n", "<br/>"))
# character to replace at their position for collision
replace = {'{': 'z;[ks\x7fy', '}': '|=]muy\x7f', '/': ".o\x0f?'+-"}
sevens = [
content[i:i + 7].ljust(7, "\x00") for i in xrange(0, len(content), 7)
]
string = ""
for s in sevens:
for i in xrange(len(s)):
c = s[i]
if c in replace:
string += replace[c][(i + n) % 7]
else:
string += c
#MEGA FIX
string = string[:-n]
print(repr(content))
print(repr(string))
#'a{{config.from_pyfile( "../../tmp/comments/dd31b4dc454c6ec7e01476e02f8eeac4.file") }}aaaa'
#'aksconfig.from_pyfile( ".....?tmp.comments\x0fdd31b4dc454c6ec7e01476e02f8eeac4.file") =]aaaa'
asnc = encode(OctetString(content))
asns = encode(OctetString(string))
# (OctetString(tagSet=TagSet((), Tag(tagClass=0, tagFormat=0, tagId=4)), hexValue='616b73636f6e6669672e66726f6d5f707966696c652820222e2e2e2e2e3f746d702e636f6d6d656e74730f64643331623464633435346336656337653031343736653032663865656163342e66696c652229203d5d61616161'), '')
# (OctetString('a{{config.from_pyfile( "../../tmp/comments/dd31b4dc454c6ec7e01476e02f8eeac4.file") }}aaaa', tagSet=TagSet((), Tag(tagClass=0, tagFormat=0, tagId=4))), '')
assert (hash(asnc) == hash(asns))
print("YUP")