path: root/cgi-bin/blahaj_list.cgi
#!/usr/bin/env python

import cgi
import json

from bs4 import BeautifulSoup

# Worse code here. Prepare your eyes for this monster.
# It's almost as bad as programming anything in PHP or, even worse, JavaScript.

# CGI response header. Only a single newline follows it here; the blank line
# that ends the header section comes from the leading newline of the page
# template printed at the bottom of this script.
print('Content-Type: text/html')

# Demo switch for showing submitted markup unfiltered. It is read straight from
# the request, so any visitor (or any link carrying ?unsafe_mode=on) can turn it
# on; check_for_injection then returns stored values untouched, which leaves the
# page open to stored HTML/script injection in that mode by design.
# NOTE(review): keep this script on an origin that holds no sessions or other
# sensitive state, since markup rendered here runs with that origin's rights.
# NOTE(review): the cgi module was removed from the standard library in
# Python 3.13 (PEP 594), so this script needs an older interpreter as written.
form = cgi.FieldStorage()
unsafe_mode = "on" == form.getvalue("unsafe_mode")

# Hehehe
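def check_for_injection(value):
    """Return *value* in a form the list page may embed in its HTML.

    Behaviour depends on the module-level ``unsafe_mode`` flag, which is taken
    from the request:

    * ``unsafe_mode`` on: *value* is returned unchanged. This is the page's
      deliberate demo mode; stored markup reaches the browser as submitted.
    * ``unsafe_mode`` off: *value* is parsed with BeautifulSoup's
      ``html.parser``. If any tag is found, a fixed notice (with a link that
      switches unsafe mode on) is returned in place of the value. Otherwise
      the value is returned HTML-escaped.

    The escaping step is what makes the safe path safe. Tag detection alone is
    not output encoding: a lenient parser and a browser can disagree about what
    counts as markup, and text the detector lets through would otherwise be
    written into the page verbatim.

    Args:
        value: A stored field of a blahaj entry (name, info or date).

    Returns:
        The string to substitute into the page.
    """
    import html  # function-scope: the file's import block does not provide it

    # Demo mode is an explicit opt-out of all filtering.
    if unsafe_mode:
        return value

    # find() returns the first tag in the parsed value, or None when the
    # parser saw only text.
    if BeautifulSoup(value, "html.parser").find() is not None:
        return """
            This silly silly tried to hack this website lmao.
            <a href=\"?unsafe_mode=on\">Click to see the website with the hack</a>
        """

    # Encode whatever the detector accepted so it can only ever be rendered as
    # text, regardless of how the browser would have tokenised it.
    return html.escape(value)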

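def create_blahaj_tables():
    """Build the HTML fragment listing every submitted blahaj.

    Reads ``blahaj_info.json`` (relative to the working directory), expects a
    sequence of entries with ``name``, ``info`` and ``date`` keys, and renders
    them in reverse file order below a header table with navigation links.
    Every field is passed through ``check_for_injection`` before it is placed
    in the markup; nothing else here filters or encodes the stored values, so
    what that function returns is exactly what reaches the browser.

    Returns:
        The HTML fragment as a string. When the JSON file does not exist, a
        single "no blahaj's found" table is returned instead.

    Raises:
        KeyError: an entry lacks one of the three fields.
        json.JSONDecodeError: the file exists but is not valid JSON.
    """
    # Per-entry markup. The three fields are filled in with one str.format
    # call: chained str.replace calls would rescan text that had already been
    # inserted, so a name consisting of the literal token "put_info_here"
    # would be overwritten with that entry's info.
    entry_template = """
                    <table border="1" width="50%">
                        <tr>
                            <td>
                                <!-- Great place for an injection hint hint -->
                                <h2>{name}</h2>
                                <p>Date submitted: {date}</p>
                            </td>
                        </tr>

                        <tr>
                            <td>
                                <p>{info}</p>
                            </td>
                        </tr>
                    </table>
                """

    tables_html = """
            <h1>Blahaj list!!!!!</h1>
            <table border="1" width="50%">
                <tr>
                    <td>
                        <h3><a href=\"../submit_blahaj_info.html\">Submit yours here if you haven't already!</a></h3>
                        <h3><a href=\"../blahajRoom.html\">Back to blahaj room</a></h3>
                    </td>
                </tr>
            </table>
            <br/>
        """

    # Only opening the file can raise FileNotFoundError, so the try block is
    # limited to loading the data.
    try:
        with open("blahaj_info.json", "r") as fp:
            blahaj_list = json.load(fp)
    except FileNotFoundError:  # No blahaj's yet
        return """
            <table border="1">
                <tr>
                    <td>
                        <h1>No blahaj's found ):</h1>
                        <h2>Yours could be first tho :3</h2>
                        <h3><a href=\"../submit_blahaj_info.html\">Submit yours here</a></h3>
                    </td>
                </tr>
            </table>
        """

    # Reverse file order, so the last entry in the file is rendered first.
    for blahaj in blahaj_list[::-1]:
        tables_html += entry_template.format(
            name=check_for_injection(blahaj["name"]),
            info=check_for_injection(blahaj["info"]),
            date=check_for_injection(blahaj["date"]),
        )

    return tables_html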

# Render the list first. Its fields have been through check_for_injection,
# which is the only filtering applied to stored values before they are written
# into the response.
tables = create_blahaj_tables()

# Page skeleton. The literal starts with a newline on purpose: printed right
# after the Content-Type header, that newline is the blank line which ends the
# CGI header section. "thing_to_replace" marks where the tables go.
html_text = """
<!DOCTYPE html>
<html>

<head>
    <title>hehehe</title>

<style>
    
body {
    color: black;
    background-image: url('../images/blahaj_background.jpg');
}

table {
	color: black;
	background-color: #bebebe;
	margin-top: 10px;
	margin-bottom: 10px;
	margin-left: 10px;
	margin-right: 10px;
}

</style>
</head>

<body>
    <center>
        thing_to_replace
    </center>
</body>

</html>
"""

# str.replace scans only the skeleton above, so text inside the inserted tables
# is not searched for the marker again.
html_text = html_text.replace("thing_to_replace", tables)

print(html_text)