Chest/CTF-site-project
Chest/CTF-site-project
1
1
Fork 0
Code Issues Pull Requests Activity

feat: sql-task get flag

Browse Source
This commit is contained in:
chest 2025-02-03 00:19:41 +03:00 committed by Sweetbread
parent f102fe8014
commit 5a768a56bf
4 changed files with 70 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app.py
View File

@ -1,6 +1,7 @@
import werkzeug
from flask import Flask, render_template, request, url_for, session, redirect, g, abort
import sqlite3
from random import getrandbits
connection = sqlite3.connect('database.db')
cursor = connection.cursor()
@ -46,7 +47,7 @@ def sql():
user = cursor.fetchone()
if not user:
return render_template('sql-injection.html', error='Ошибка: неверный логин или пароль')
session['success_login'] = True
session['sql_flag'] = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
return redirect(url_for('success_login'), code=302)
return render_template('sql-injection.html')
@ -58,10 +59,15 @@ def found():
def decode():
return render_template('decode.html')
@app.route("/success_login")
@app.route("/success_login", methods=('GET', 'POST'))
def success_login():
if session.get('success_login'):
return render_template('success.html')
if request.method == 'POST':
user_flag = request.form['user_flag']
if user_flag == session.get('sql_flag'):
return render_template('success.html', success_flag='.')
return render_template('success.html', error='Ошибка: неверный флаг!')
if flag := session.get('sql_flag'):
return render_template('success.html', flag=flag)
abort(404)
@app.errorhandler(werkzeug.exceptions.NotFound)

47
static/index.css
View File

@ -13,17 +13,51 @@
overflow-y: auto;
}
.task-done {
position: absolute;
position-area: center;
width: 100%;
height: 100%;
background-color: rgba(0,0,0,0.90);
}
::-webkit-scrollbar {
display: none;
}
.divv {
background-color: rgb(0 0 0 / 85%);
border: dashed rgba(225, 225, 225, 0.75);
border-width: 2px 3px;
border-radius: 2rem/2rem;
box-sizing: border-box;
margin-left: 2rem;
margin-top: 2rem;
}
.profile {
width: fit-content;
height: fit-content;
max-width: 40rem;
margin: 3.5rem 0rem;
padding: 0.7rem 2rem;
background-color: rgba(0,0,0, 0.85);
text-align: left;
}
.flag-input {
width: 20rem;
max-width: 40rem;
height: fit-content;
padding: 0.7rem 2rem;
padding-bottom: 1rem;
margin: 3.5rem 2rem ;
background-color: rgba(0,0,0, 0.85);
text-align: left;
border: dashed 0.13rem rgba(225,225,225,0.8);
border-radius: 2%;
}
.close-btn {
display: block;
@ -38,8 +72,8 @@
}
.inpt {
width: 15vw;
height: 1vw;
width: 60%;
height: 1.2rem;
box-shadow: 0.27em 0.27em 0em 0px rgba(186, 65, 166, 0.6);
border: none;
transition: 0.3s;
@ -116,15 +150,6 @@
}
.divv {
background-color: rgb(0 0 0 / 85%);
border: dashed rgba(225, 225, 225, 0.75);
border-width: 2px 3px;
border-radius: 2rem/2rem;
box-sizing: border-box;
margin-left: 2rem;
margin-top: 2rem;
}
#sqlInpt {
position: relative;

2
templates/sql-injection.html
View File

@ -20,7 +20,7 @@ cursor.execute(f'SELECT * FROM Users WHERE login == "{login}" AND password == "{
<div class="divv" id="sqlInpt">
<form action="sql-injection" method="post" class="simpletext">
<p class="simpletext">Попробуй войти от имени админа,<br />
используя уязвимость <abbr class="hltext" title="Смотри подсказку(кнопка снизу слева)">SQL-инъекции</abbr></p>
используя уязвимость. Найдите флаг<abbr class="hltext" title="Смотри подсказку(кнопка снизу слева)">SQL-инъекции</abbr></p>
<div class="small-container" ><p>Логин: <p class="hidden">.</p> </p> <input type="text" name="login" class="inpt" /></div>
<div class="small-container"><p>Пароль:</p> <input type="password" name="pass" class="inpt"/></div>
<input type="submit" value="Submit" class="btn1" />

30
templates/success.html
View File

@ -3,16 +3,32 @@
{% include '_head.html' %}
<body>
{% include '_header.html' %}
<div class="profile">
<h2 class="header" style="text-align:left">Ваш Профиль:</h2>
<p class="simpletext" style="text-align:left">Логин: <span class="context">admin</span></p>
<p class="simpletext" style="text-align:left">Почта: <span class="context">supercooladmin@coders-squad.com</span></p>
<p class="simpletext" style="text-align:left">О себе:</p>
<p class="mono" style="text-align:left">Я самый надёжный и крутой админ в мире.<span class="hidden">me0w{SqlT4skFl4g}</span><br/>ВЫДЕЛИ МЕНЯ! </p>
<div class="container" style="max-width:70%; justify-content: space-between;min-width: 40rem; flex-wrap: nowrap">
<div class="profile">
<h2 class="header" style="text-align:left">Ваш Профиль:</h2>
<p class="simpletext" style="text-align:left">Логин: <span class="context">admin</span></p>
<p class="simpletext" style="text-align:left">Почта: <span class="context">supercooladmin@coders-squad.com</span></p>
<p class="simpletext" style="text-align:left">О себе:</p>
<p class="mono" style="text-align:left">Я самый надёжный и крутой админ в мире.<span class="hidden">{{ flag }}</span><br/>ВЫДЕЛИ МЕНЯ! </p>
</div>
<div class="flag-input ">
<h3 class="header" style="text-align:left">Введите ответ:</h3>
<form action="success_login" method="post" class="simpletext">
<input class="inpt" type="text" name="user_flag" style="width: 100%; height: 1.25rem; margin: 0">
<input type="submit" value="Submit" class="btn1" style="margin-top: 1.25rem">
</div>
</div>
{% include '_sidenav.html' %}
<div id="success"> <p>Вход произведён успешно!</p> </div>
{% if error %}
<div id="error"> <p>{{ error }}</p> </div>
{% elif success_flag %}
<div class="task-done">
<p class="simpletext" style="position-area: center">В прошли задание! выбор следующих и кошки</p>
</div>
{% else %}
<div id="success"> <p>Вход произведён успешно!</p> </div>
{% endif %}
</body>