feat: web main page

2025-04-07 12:23:56 +03:00 · 2025-04-07 12:23:56 +03:00 · 7c068e0c89
commit 7c068e0c89
parent 22cdb19d98
4 changed files with 39 additions and 12 deletions
--- a/app.py
+++ b/app.py
@ -51,7 +51,7 @@ def osint():
    return render_template('osint-main.html')

@app.route("/web/sql-injection", methods=('GET', 'POST'))
-def sql():
+def websql():
    if request.method == 'POST':
        login = request.form['login']
        password = request.form['pass']
@ -64,8 +64,24 @@ def sql():
        return redirect(url_for('success_login'), code=302)
    return render_template('sql-injection.html')

+@app.route("/web/idor")
+def webidor():
+    return render_template('idor.html')
+
+@app.route("/web/path-traversal")
+def webpt():
+    return render_template('path-traversal.html')
+
+@app.route("/web/ssti")
+def webssti():
+    return render_template('ssti.html')
+
+@app.route("/web/portswigger-guide")
+def webpsguide():
+    return render_template('portswigger-guide.html')
+
@app.route("/forensic/task1-metadata")
-def task1():
+def forensictask1():
    session['task1_id'] = id = hex(getrandbits(45))[2:]
    session['task1_flag'] = flag_task1 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
    task1_flag(flag_task1, id)
@ -83,10 +99,6 @@ def task1():
 def forensic_task1():
    return send_file(f'/tmp/task1/{session['task1_id']}.jpg')

-@app.route("/decode-me")
-def decode():
-    return render_template('decode.html')
-
@app.route("/success_login", methods=('GET', 'POST'))
 def success_login():
    flag = session.get('sql_flag')
--- a/templates/decode.html
+++ b/templates/decode.html
@ -1 +0,0 @@
-{% extends '_task.html' %}
--- a/templates/success-sql.html
+++ b/templates/success-sql.html
--- a/templates/web-main.html
+++ b/templates/web-main.html
@ -3,4 +3,20 @@
    <body>
        {% include '_header.html' %}
        {% include '_sidenav.html' %}
+            <div class="container">
+                <div class="small info1 capsule-window">
+                <p class="simpletext">< Задания категории Web ></p>
+                <nav class="navbtn">
+                {%- for name, descr in (
+                    ('websql',    "SQL-инъекция"),
+                    ('webidor',  "Уязвимость IDOR"),
+                    ('webpt', "Уязвимость Path Traversal"),
+                    ('webssti',  "Уязвимость SSTI"),
+                    ('webpsguide',  "PortSwigger и с чем его едят"),
+                ) %}
+                    <a href="{{ url_for(name) }}" class="btn1">{{ descr }}</a>
+                {%- endfor %}
+            </div>
        <img id="help" src="{{ url_for('static', filename='imgs/icon.png') }}">
+    </body>
+</html>