fix: main-icon

2025-04-03 22:23:02 +03:00 · 2025-04-03 22:23:02 +03:00 · 5ce2555f95
commit 5ce2555f95
parent be7ab45fe5
3 changed files with 13 additions and 0 deletions
--- a/app.py
+++ b/app.py
@ -57,6 +57,14 @@ def found():
    session['task1_id'] = id = hex(getrandbits(45))[2:]
    session['task1_flag'] = flag_task1 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
    task1_flag(flag_task1, id)
+    if request.method == 'POST':
+        user_flag = request.form['user_flag']
+        if user_flag == flag_task1:
+            return render_template('found.html', flag=flag_task1, success_flag='.')
+        return render_template('found.html', flag=flag_task1, error='Ошибка: неверный флаг!')
+    if flag_task1:
+        return render_template('found.html', flag=flag_task1)
+    abort(404)
    return render_template('found.html')

@app.route("/found-me/task1")
--- a/static/imgs/main_icon.png
+++ b/static/imgs/main_icon.png
--- a/templates/found.html
+++ b/templates/found.html
@ -11,5 +11,10 @@
            <input class="inpt" type="text" name="user_flag" style="width: 100%; height: 1.25rem; margin: 0">
            <input type="submit" value="Submit" class="btn1" style="margin-top: 1.25rem">
    </div>
+    <div id="popup" class="sql-guide capsule-window">
+            <p class="simpletext"style="text-align: left"><a class="hltext" href="https://book.hacktricks.wiki/en/pentesting-web/sql-injection/index.html?highlight=sql%20inje#what-is-sql-injection">SQL-инъекция</a> - уязвимость системы, позволяющая пользователю ввести вредоносный код в SQL-запрос.<br />
+
+            <span class="close-btn usable-context" onclick="hidePopup()">скрыть</span>
+        </div>
 </div>
 {% endblock %}