web(baby-flask, master-flask, loooong) - flasks: make path_traversal …

…accesible via a GET request, loooong: put the flag in the body of the redirect
cybermouflons · Jul 3, 2024 · 95e4194 · 95e4194
1 parent b5f6b76
commit 95e4194
Show file tree

Hide file tree

Showing 8 changed files with 42 additions and 33 deletions.
diff --git a/web/baby-flask/docker-compose.yml b/web/baby-flask/docker-compose.yml
@@ -10,6 +10,5 @@ services:
     environment:
       - FLASK_APP=/app/app.py
       - FLASK_ENV=development
-    volumes:
-      - /etc/machine-id:/etc/machine-id
+    # volumes:
     #   - ./setup/app:/app
diff --git a/web/baby-flask/setup/app/app.py b/web/baby-flask/setup/app/app.py
@@ -18,9 +18,9 @@ def get_file():
     # python was made to be easy, don't complicate things
     with open(filename, 'r') as f:
         file = f.read()
-    
+
     return file
 
 if __name__ == '__main__':
     # I enabled debug mode so I can debug using /console
-    app.run('127.0.0.1', 5000, debug=True)
+    app.run('0.0.0.0', 5000, debug=True)
diff --git a/web/baby-flask/setup/app/templates/index.html b/web/baby-flask/setup/app/templates/index.html
@@ -1,26 +1,33 @@
-{% extends "layout.html" %}
-
-{% block content %}
+{% extends "layout.html" %} {% block content %}
 <div class="container my-5">
-    <h1 class="text-center text-neon">Welcome to my Flask File Manager</h1>
+	<h1 class="text-center text-neon">Welcome to my Flask File Manager</h1>
 
-    <div class="card bg-dark mt-4">
-        <div class="card-header text-neon">
-            <h3>Have a look at my files</h3>
-        </div>
-        <div class="card-body">
-            <h4 class="text-neon">Click on a file to view it!</h4>
-            <ul class="list-group">
-                {% for file in files %}
-                <li class="list-group-item bg-dark border-light">
-                    <form action="/get_file" method="post" class="d-inline">
-                        <input type="hidden" name="filename" value="/app/files/{{ file }}">
-                        <button type="submit" class="btn btn-link text-neon">{{ file }}</button>
-                    </form>
-                </li>
-                {% endfor %}
-            </ul>
-        </div>
-    </div>
+	<div class="card bg-dark mt-4">
+		<div class="card-header text-neon">
+			<h3>Have a look at my files</h3>
+		</div>
+		<div class="card-body">
+			<h4 class="text-neon">Click on a file to view it!</h4>
+			<ul class="list-group">
+				{% for file in files %}
+				<li class="list-group-item bg-dark border-light">
+					<a href="/get_file?filename=/app/files/{{ file }}" class="text-neon"
+						>{{ file }}</a
+					>
+					<!-- <form action="/get_file" method="post" class="d-inline">
+						<input
+							type="hidden"
+							name="filename"
+							value="/app/files/{{ file }}"
+						/>
+						<button type="submit" class="btn btn-link text-neon">
+							{{ file }}
+						</button>
+					</form> -->
+				</li>
+				{% endfor %}
+			</ul>
+		</div>
+	</div>
 </div>
 {% endblock %}
diff --git a/web/flask-master/docker-compose.yml b/web/flask-master/docker-compose.yml
@@ -10,6 +10,5 @@ services:
     environment:
       - FLASK_APP=/app/app.py
       - FLASK_ENV=development
-    volumes:
-      - /etc/machine-id:/etc/machine-id
+    # volumes:
     #   - ./setup/app:/app
diff --git a/web/flask-master/setup/app/app.py b/web/flask-master/setup/app/app.py
@@ -17,4 +17,4 @@ def get_file():
         return f.read()
 
 if __name__ == '__main__':
-    app.run('127.0.0.1', 5000, debug=True)
+    app.run('0.0.0.0', 5000, debug=True)
diff --git a/web/flask-master/setup/app/templates/index.html b/web/flask-master/setup/app/templates/index.html
@@ -11,7 +11,10 @@ <h4 class="text-neon">Click on a file to view it!</h4>
 			<ul class="list-group">
 				{% for file in files %}
 				<li class="list-group-item bg-dark border-light">
-					<form action="/get_file" method="post" class="d-inline">
+					<a href="/get_file?filename=/app/files/{{ file }}" class="text-neon"
+						>{{ file }}</a
+					>
+					<!-- <form action="/get_file" method="post" class="d-inline">
 						<input
 							type="hidden"
 							name="filename"
@@ -20,7 +23,7 @@ <h4 class="text-neon">Click on a file to view it!</h4>
 						<button type="submit" class="btn btn-link text-neon">
 							{{ file }}
 						</button>
-					</form>
+					</form> -->
 				</li>
 				{% endfor %}
 			</ul>

diff --git a/web/looooong/setup/app/app.py b/web/looooong/setup/app/app.py
@@ -13,9 +13,9 @@ def index():
 def magic():
     response_headers = {
         'Location': url_for('end'),
-        'Flag': FLAG
+        'Content-Type': 'text/html; charset=utf-8'
     }
-    response = make_response('', 302)
+    response = make_response(render_template('flag.html', flag=FLAG), 302)
     response.headers = response_headers
     return response
 

diff --git a/web/looooong/setup/app/templates/flag.html b/web/looooong/setup/app/templates/flag.html
@@ -0,0 +1 @@
+{{flag}}