author | Anton Luka Šijanec <anton@sijanec.eu> | 2024-09-04 01:10:18 +0200 |
---|---|---|
committer | Anton Luka Šijanec <anton@sijanec.eu> | 2024-09-04 01:10:18 +0200 |
commit | 5a21bf8a591721b2e55927902309daf73248be84 (patch) | |
tree | fbf924e0e57a6f084a3a054c2512e75df8af7bea /iv/orodja/napad/nadzor.py | |
parent | making submission safe again ): separating rce to another process (diff) | |
Diffstat (limited to 'iv/orodja/napad/nadzor.py')
-rwxr-xr-x | iv/orodja/napad/nadzor.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/iv/orodja/napad/nadzor.py b/iv/orodja/napad/nadzor.py
new file mode 100755
index 0000000..515aa3e
--- /dev/null
+++ b/iv/orodja/napad/nadzor.py
@@ -0,0 +1,36 @@
+#!/usr/bin/python3
+from flask import Flask, render_template, request
+import os
+import sqlite3
+import sys
+
+
+app = Flask(__name__)
+
+@app.route("/", methods=["GET"])
+def frontend():
+ return render_template("frontend.html")
+
+@app.route("/sql", methods=["POST"])
+def sql():
+ with sqlite3.connect(os.getenv("SUBMISSION_DB", "flags.db")) as db:
+ db.setconfig(sqlite3.SQLITE_DBCONFIG_DEFENSIVE, True)
+ rows = []
+ for row in db.execute(request.data.decode()):
+ columns = []
+ for column in row:
+ if type(column) == bytes:
+ columns.append(column.decode("utf-8", errors="surrogateescape"))
+ else:
+ columns.append(column)
+ rows.append(columns)
+ return rows
+
+if __name__ == "__main__":
+ port = 21503
+ host = "::"
+ if len(sys.argv) > 1:
+ port = int(sys.argv[1])
+ if len(sys.argv) > 2:
+ host = sys.argv[2]
+ app.run(port=port, debug=True, host=host) |
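Review bot: The `/sql` handler passes the raw request body to `db.execute()` on a read-write connection with no authentication, and `SQLITE_DBCONFIG_DEFENSIVE` only disables features that can corrupt the database file, so any client that can reach the port can still modify or delete the stored rows. The `__main__` block widens the exposure by defaulting to `host = "::"` together with `debug=True`, which serves the Werkzeug interactive debugger on every interface. If this endpoint is meant as a monitoring view, open the database read-only, e.g. `sqlite3.connect("file:" + path + "?mode=ro", uri=True)` with `path` taken from `SUBMISSION_DB`, default the bind address to `host = "::1"`, and call `app.run(port=port, debug=False, host=host)` unless debugging is explicitly requested. Separately, `with sqlite3.connect(...)` only commits or rolls back and does not close the connection, so wrapping it in `contextlib.closing` would avoid leaving a handle open per request.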