challenges.py (3770B)
1 from flask import Blueprint, render_template, request, redirect, abort 2 from blueprints.utils import crypto 3 from blueprints.utils import database 4 import logging 5 6 challenges_bp = Blueprint("challenges", __name__, template_folder="templates", static_folder="static", static_url_path="/challenges/static/") 7 8 challenge_1_solutions = ["<img src=# onerror=alert(1)>", "<script>alert(1)</script>"] 9 challenge_2_solutions = ["' OR 1=1 #", "' OR 1=1--", "' OR 1=1/*"] 10 11 @challenges_bp.route("/<challenge_id>", methods=["GET", "POST"]) 12 @crypto.require_token 13 def challenge(challenge_id, jwt_data): 14 if database.is_banned(jwt_data["username"]): 15 logging.info(f"User {jwt_data['username']} tried to access challenge {challenge_id} while banned") 16 return abort(403) 17 18 if database.challenge_disabled(int(challenge_id)): 19 logging.warning(f"User {jwt_data['username']} tried to access disabled challenge {challenge_id}") 20 return abort(404) 21 22 if challenge_id == "1": 23 return handle_challenge_1(jwt_data) 24 if challenge_id == "2": 25 return handle_challenge_2(jwt_data) 26 if challenge_id == "3": 27 return redirect("/challenge/3/uid/69") 28 else: 29 return abort(404) 30 31 def handle_challenge_1(jwt_data): 32 if request.method == "POST": 33 user_input = request.form.get("input", None) 34 if user_input is None: 35 return redirect("/challenge/1") 36 if user_input in challenge_1_solutions: 37 user_id = database.get_user_id(jwt_data["username"]) 38 database.add_solve(1, user_id) 39 logging.info(f"User {jwt_data['username']} solved challenge 1") 40 return render_template("challenges/challenge1.html", user_data=jwt_data, to_render=None, flag=database.get_flag(1)) 41 else: 42 logging.info(f"User {jwt_data['username']} inputted {user_input} into challenge 1") 43 return render_template("challenges/challenge1.html", user_data=jwt_data, to_render=user_input, flag=None) 44 45 if request.method == "GET": 46 return render_template("challenges/challenge1.html", user_data=jwt_data, to_render=None, flag=None) 47 48 return redirect("/challenge/1") 49 50 def handle_challenge_2(jwt_data): 51 if request.method == "POST": 52 user_input = request.form.get("input", None) 53 if user_input is None: 54 return redirect("/challenge/2") 55 if user_input in challenge_2_solutions: 56 user_id = database.get_user_id(jwt_data["username"]) 57 database.add_solve(2, user_id) 58 logging.info(f"User {jwt_data['username']} solved challenge 2") 59 return render_template("challenges/challenge2.html", user_data=jwt_data, input_given=False, success=True, flag=database.get_flag(2)) 60 else: 61 logging.info(f"User {jwt_data['username']} inputted {user_input} into challenge 2") 62 return render_template("challenges/challenge2.html", user_data=jwt_data, input_given=True, success=False, flag=None) 63 64 if request.method == "GET": 65 return render_template("challenges/challenge2.html", user_data=jwt_data, input_given=None, success=False, flag=None) 66 67 return redirect("/challenge/2") 68 69 @challenges_bp.route("3/uid/<user_id>", methods=["GET"]) 70 @crypto.require_token 71 def challenge_3(user_id, jwt_data): 72 if user_id != "1": 73 logging.info(f"User {jwt_data['username']} accessed challenge3 with user_id {user_id}") 74 return render_template("challenges/challenge3.html", user_data=jwt_data, flag=None) 75 else: 76 database.add_solve(3, database.get_user_id(jwt_data["username"])) 77 logging.info(f"User {jwt_data['username']} solved challenge 3") 78 return render_template("challenges/challenge3.html", user_data=jwt_data, flag=database.get_flag(3))