Chest/CTF-site-project
Chest/CTF-site-project
1
1
Fork 0
Code Issues Pull Requests Activity

feat(web): ssti back

Browse Source
This commit is contained in:
chest 2025-04-10 00:23:44 +03:00
parent 4a639aeb9a
commit a1eb5e8c27
3 changed files with 80 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
app.py
View File

@ -1,10 +1,11 @@
import werkzeug
from flask import Flask, render_template, request, url_for, session, redirect, g, abort, send_file
from flask import Flask, render_template, request, url_for, session, redirect, g, abort, send_file, render_template_string
import sqlite3
from random import getrandbits
from func import *
import base64
connection = sqlite3.connect('database.db')
cursor = connection.cursor()
cursor.execute('''
@ -73,9 +74,35 @@ def webidor():
def webpt():
return render_template('path-traversal.html')
@app.route("/web/ssti")
@app.route("/web/ssti", methods=('GET', 'POST'))
def webssti():
return render_template('ssti.html')
id = session.get('ssti_id')
flag = session.get('flag_ssti')
if id not in comments.keys():
session['ssti_id'] = id = hex(getrandbits(45))[2:]
comments[id] = []
session['flag_ssti'] = flag = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
if request.method == 'POST':
if 'user_flag' in request.form.keys():
user_flag = request.form['user_flag']
if user_flag == flag:
return render_template('ssti.html', flag=flag, success_flag='.')
return render_template('ssti.html', flag=flag, error='Ошибка: неверный флаг!')
username = request.form['username']
comment = request.form['user_comment']
comments[id].append((username, comment))
def render(x):
try:
return render_template_string(x, flag=flag)
except:
return x
return render_template('ssti.html', render_template_string=render, comments=comments[id], flag=flag)
comments = {}
@app.route("/web/portswigger-guide")
def webpsguide():

7
static/index.css
View File

@ -168,6 +168,13 @@
align-content: flex-start;
}
.comments {
background-color: rgb(35, 33, 54);
height: 60%;
width: 80%;
text-align: left;
}
.navgoodlinks {
display:flex;
justify-content: start;

43
templates/ssti.html Normal file
View File

@ -0,0 +1,43 @@
{% extends 'utils/_task.html' %}
{% include 'utils/_forensicsidenav.html' %}
{% block content %}
<div id="popup" class="sql-guide capsule-window">
<span class="close-btn usable-context" onclick="hidePopup()">скрыть</span>
</div>
<div class="container">
<div class="small capsule-window info1" style="height: auto">
<p class="simpletext">Приветствую тебя, о сетевой путник! Прошу, оставь упоминание о себе здесь!</p>
<form action="/web/ssti" method="post" class="simpletext">
<div class="small-container" ><p>Имя:<input class="inpt" type="text" name="username" style="width: 100%; height: 1.25rem; margin: 0"></p></div>
<div class="small-container" ><p>Комментарий:<input class="inpt" type="text" name="user_comment" style="width: 100%; height: 1.25rem; margin: 0"></p></div>
<input type="submit" value="Submit" class="btn1" style="margin-top: 1.25rem">
</form>
<div class="comments">
{% for (username, comment) in comments -%}
<p class="header" style="text-align: left">{{ username }}</p>
<p class="mono">{{ render_template_string(comment) }}</p>
{% endfor -%}
</div>
</div>
<div class="flag-input">
<h3 class="header" style="text-align:left">Введите ответ:</h3>
<form action="/web/ssti" method="post" class="simpletext">
<input class="inpt" type="text" name="user_flag" style="width: 100%; height: 1.25rem; margin: 0">
<input type="submit" value="Submit" class="btn1" style="margin-top: 1.25rem">
</form>
</div>
</div>
{% if error %}
<div id="error"> <p>{{ error }}</p> </div>
{% elif success_flag %}
<div class="task-done">
<h1 class="header">Вы прошли задание!</h1>
<img class="done" src="{{ url_for('static', filename='imgs/done_icon.png') }}">
<a href="{{ url_for('forensic') }}" class="usable-context" style="text-align: canter; margin: 1rem; padding: 1rem;"> < Вернуться к заданиям > </a>
</div>
{% endif %}
{% endblock %}