From 5a768a56bf75952f4b7bb3b5b9a8b614db4ff997 Mon Sep 17 00:00:00 2001
From: chest <e.a.sunduk@gmail.com>
Date: Mon, 3 Feb 2025 00:19:41 +0300
Subject: [PATCH] feat: sql-task get flag

---
 app.py                       | 14 ++++++++---
 static/index.css             | 47 +++++++++++++++++++++++++++---------
 templates/sql-injection.html |  2 +-
 templates/success.html       | 30 +++++++++++++++++------
 4 files changed, 70 insertions(+), 23 deletions(-)

diff --git a/app.py b/app.py
index 3b859a6..a85fe5e 100644
--- a/app.py
+++ b/app.py
@@ -1,6 +1,7 @@
 import werkzeug
 from flask import Flask, render_template, request, url_for, session, redirect, g, abort
 import sqlite3
+from random import getrandbits
 
 connection = sqlite3.connect('database.db')
 cursor = connection.cursor()
@@ -46,7 +47,7 @@ def sql():
         user = cursor.fetchone()
         if not user:
             return render_template('sql-injection.html', error='Ошибка: неверный логин или пароль')
-        session['success_login'] = True
+        session['sql_flag'] = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
         return redirect(url_for('success_login'), code=302)
     return render_template('sql-injection.html')
 
@@ -58,10 +59,15 @@ def found():
 def decode():
     return render_template('decode.html')
 
-@app.route("/success_login")
+@app.route("/success_login", methods=('GET', 'POST'))
 def success_login():
-    if session.get('success_login'):
-        return render_template('success.html')
+    if request.method == 'POST':
+        user_flag = request.form['user_flag']
+        if user_flag == session.get('sql_flag'):
+            return render_template('success.html', success_flag='.')
+        return render_template('success.html', error='Ошибка: неверный флаг!')
+    if flag := session.get('sql_flag'):
+        return render_template('success.html', flag=flag)
     abort(404)
 
 @app.errorhandler(werkzeug.exceptions.NotFound)
diff --git a/static/index.css b/static/index.css
index db3b962..a32223c 100644
--- a/static/index.css
+++ b/static/index.css
@@ -13,17 +13,51 @@
     overflow-y: auto;
 }
 
+.task-done {
+    position: absolute;
+    position-area: center;
+    width: 100%;
+    height: 100%;
+    background-color: rgba(0,0,0,0.90);
+}
+
 ::-webkit-scrollbar {
     display: none;
 }
 
+.divv {
+    background-color: rgb(0 0 0 / 85%);
+    border: dashed rgba(225, 225, 225, 0.75);
+    border-width: 2px 3px;
+    border-radius: 2rem/2rem;
+    box-sizing: border-box;
+    margin-left: 2rem;
+    margin-top: 2rem;
+}
+
 .profile {
     width: fit-content;
+    height: fit-content;
     max-width: 40rem;
     margin: 3.5rem 0rem;
     padding: 0.7rem 2rem;
     background-color: rgba(0,0,0, 0.85);
     text-align: left;
+}
+
+.flag-input {
+    width: 20rem;
+    max-width: 40rem;
+    height: fit-content;
+    padding: 0.7rem 2rem;
+    padding-bottom: 1rem;
+    margin: 3.5rem 2rem ;
+    background-color: rgba(0,0,0, 0.85);
+    text-align: left;
+    border: dashed 0.13rem rgba(225,225,225,0.8);
+    border-radius: 2%;
+}
+
 
 .close-btn {
     display: block;
@@ -38,8 +72,8 @@
 }
 
 .inpt {
-    width: 15vw;
-    height: 1vw;
+    width: 60%;
+    height: 1.2rem;
     box-shadow: 0.27em 0.27em 0em 0px rgba(186, 65, 166, 0.6);
     border: none;
     transition: 0.3s;
@@ -116,15 +150,6 @@
 
 }
 
-.divv {
-    background-color: rgb(0 0 0 / 85%);
-    border: dashed rgba(225, 225, 225, 0.75);
-    border-width: 2px 3px;
-    border-radius: 2rem/2rem;
-    box-sizing: border-box;
-    margin-left: 2rem;
-    margin-top: 2rem;
-}
 
 #sqlInpt {
     position: relative;
diff --git a/templates/sql-injection.html b/templates/sql-injection.html
index afd8d8e..1fd7f51 100644
--- a/templates/sql-injection.html
+++ b/templates/sql-injection.html
@@ -20,7 +20,7 @@ cursor.execute(f'SELECT * FROM Users WHERE login == "{login}" AND password == "{
         <div class="divv" id="sqlInpt">
             <form action="sql-injection" method="post" class="simpletext">
                 <p class="simpletext">Попробуй войти от имени админа,<br />
-                    используя уязвимость <abbr class="hltext" title="Смотри подсказку(кнопка снизу слева)">SQL-инъекции</abbr></p>
+                    используя уязвимость. Найдите флаг<abbr class="hltext" title="Смотри подсказку(кнопка снизу слева)">SQL-инъекции</abbr></p>
                 <div class="small-container" ><p>Логин: <p class="hidden">.</p> </p> <input type="text" name="login" class="inpt" /></div>
                 <div class="small-container"><p>Пароль:</p> <input type="password" name="pass" class="inpt"/></div>
                 <input type="submit" value="Submit" class="btn1" />
diff --git a/templates/success.html b/templates/success.html
index 0a5cee3..2a3c3bf 100644
--- a/templates/success.html
+++ b/templates/success.html
@@ -3,16 +3,32 @@
     {% include '_head.html' %}
 <body>
     {% include '_header.html' %}
-    <div class="profile">
-        <h2 class="header" style="text-align:left">Ваш Профиль:</h2>
-        <p class="simpletext" style="text-align:left">Логин: <span class="context">admin</span></p>
-        <p class="simpletext" style="text-align:left">Почта: <span class="context">supercooladmin@coders-squad.com</span></p>
-        <p class="simpletext" style="text-align:left">О себе:</p>
-        <p class="mono" style="text-align:left">Я самый надёжный и крутой админ в мире.<span class="hidden">me0w{SqlT4skFl4g}</span><br/>ВЫДЕЛИ МЕНЯ! </p>
+    <div class="container" style="max-width:70%; justify-content: space-between;min-width: 40rem; flex-wrap: nowrap">
+        <div class="profile">
+            <h2 class="header" style="text-align:left">Ваш Профиль:</h2>
+            <p class="simpletext" style="text-align:left">Логин: <span class="context">admin</span></p>
+            <p class="simpletext" style="text-align:left">Почта: <span class="context">supercooladmin@coders-squad.com</span></p>
+            <p class="simpletext" style="text-align:left">О себе:</p>
+            <p class="mono" style="text-align:left">Я самый надёжный и крутой админ в мире.<span class="hidden">{{ flag }}</span><br/>ВЫДЕЛИ МЕНЯ! </p>
+        </div>
+        <div class="flag-input ">
+            <h3 class="header" style="text-align:left">Введите ответ:</h3>
+            <form action="success_login" method="post" class="simpletext">
+                <input class="inpt" type="text" name="user_flag" style="width: 100%; height: 1.25rem; margin: 0">
+                <input type="submit" value="Submit" class="btn1" style="margin-top: 1.25rem">
+        </div>
     </div>
     {% include '_sidenav.html' %}
-    <div id="success"> <p>Вход произведён успешно!</p> </div>
 
+    {% if error %}
+        <div id="error"> <p>{{ error }}</p> </div>
+    {% elif success_flag %}
+        <div class="task-done">
+            <p class="simpletext" style="position-area: center">В прошли задание! выбор следующих и кошки</p>
+        </div>
+    {% else %}
+        <div id="success"> <p>Вход произведён успешно!</p> </div>
+    {% endif %}
 
 
 </body>