from flask import Flask, redirect, request
import re
# Single module-level Flask application; the route decorators below register on it.
app = Flask(__name__)
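@app.route('/')
def root():
    """Serve the landing page of the content-spoofing exercise.

    Returns:
        A static HTML document holding the exercise description and a
        sign-in form (email and password fields) that targets /login.
    """
    # NOTE(security): the form carries no method attribute, so the browser
    # submits it with GET and the email and password are placed in the query
    # string of /login. Query strings are kept in browser history and are
    # commonly written to proxy and server access logs. A production sign-in
    # form would use method="post" against a handler that accepts POST.
    return """<html>
<head>
</head>
<body>
This website is vulnerable to content spoofing. See if you can construct a link that would trick a user to perform an action they wouldn't otherwise do.
<br />
<br />
<br />
<form action="/login">
<table>
<tr>
<td>Email:</td>
<td><input type="text" name="email" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Sign In" /></td>
</tr>
</table>
</form>
</body>
</html>
"""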
@app.route('/login')
def login():
    """Handle a sign-in attempt by always redirecting to the error page.

    The submitted email and password are never read here; every request is
    answered with a redirect whose ``msg`` query parameter carries the text
    that /error will display.

    Returns:
        A redirect response to /error with a fixed failure message.
    """
    # The user-visible wording travels in the URL, so whoever builds the link
    # controls the text that /error shows. This is the trust boundary the
    # exercise is about.
    failure_url = "/error?msg=Authentication Failed!"
    return redirect(failure_url)
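@app.route('/error', methods=['GET'])
def error():
    """Render the error page with the caller-supplied ``msg`` text.

    Behaviour, in order:
      * no ``msg`` query parameter: redirect to /.
      * ``msg`` longer than 140 characters: plain-text rejection, HTTP 400.
      * ``msg`` contains ``<`` or ``>``: plain-text rejection, HTTP 400.
      * otherwise: an HTML page with ``msg`` concatenated into the body.

    Returns:
        A redirect, a ``(text, 400)`` tuple, or the rendered HTML string.
    """
    msg = request.args.get("msg")
    if msg is None:
        return redirect("/")

    # Both rejections answer 400 so that refused input is visible as a client
    # error in access logs and monitoring, not recorded as a 200.
    if len(msg) > 140:
        return "Error message cannot contain more than 140 characters.", 400

    # Deny-list of angle brackets only: it stops new tags from being opened,
    # but it is not output encoding and does not constrain the wording.
    if re.search(r'[<>]+', msg):
        return "Invalid characters found.", 400

    # NOTE(security): intentional weakness of this exercise (content
    # spoofing). ``msg`` comes straight from the query string and is shown as
    # page text under this site's origin, so the displayed wording is chosen
    # by whoever built the link. The durable mitigation is to accept a short
    # error code and look up fixed, server-side text for it, or to keep the
    # message in server-side session state. Any value that must be echoed
    # should be HTML-escaped for the context it lands in.
    return """<html>
<head>
</head>
<body>
<h2>
The application failed to process the request.
</h2>
<h4 style="color:grey;">
Error message: """ + msg + """
</h4>
</body>
</html>
"""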
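if __name__ == "__main__":
    # debug stays off: Flask's debug mode enables the Werkzeug interactive
    # debugger, which can execute Python in the server process. With
    # host='0.0.0.0' the server listens on every interface, so that console
    # would be reachable by anything that can reach port 5000. The exercise
    # only needs the content-spoofing weakness, not code execution on the
    # lab host.
    app.run(host='0.0.0.0', port=5000, debug=False)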