class index:
    """web.py handler for the backend root; only GET is served."""

    def GET(self):
        """Return the fixed greeting; nothing from the request is consulted."""
        greeting = "welcome to the backend!"
        return greeting
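class backdoor:
    """web.py handler for POST /backdoor.

    SECURITY (review): this endpoint is a backdoor by design.  A hard-coded
    password (``BackdoorPasswordOnlyForAdmin``) anywhere in the body yields an
    "admin" answer to any client that can reach the backend, and every other
    body used to be base64-decoded and handed straight to ``pickle.loads`` —
    remote code execution for whoever controls the request body.

    The pickle path now goes through a restricted ``Unpickler`` whose
    ``find_class`` refuses every global lookup, so a pickle can no longer name
    a callable (``os.system``, ``subprocess.Popen``, ...) to run.  Unpickling
    attacker-supplied bytes is still a bad idea (resource exhaustion, future
    protocol surprises); the real fix is to remove the endpoint or accept a
    data-only format such as JSON.
    """

    PASSWORD = b"BackdoorPasswordOnlyForAdmin"

    class _RestrictedUnpickler(pickle.Unpickler):
        """Unpickler that rejects the GLOBAL / STACK_GLOBAL / INST / OBJ opcodes."""

        def find_class(self, module, name):
            # Refusing all globals is the conservative option from the pickle
            # docs; nothing this endpoint does needs to resolve a class.
            raise pickle.UnpicklingError(
                "global '%s.%s' is forbidden" % (module, name)
            )

    @classmethod
    def handle(cls, data):
        """Apply the handler logic to a raw request body and return the reply.

        Args:
            data: the raw POST body as bytes (web.py's ``web.data()``).

        Returns:
            "You are an admin!" when the body contains the backdoor password,
            otherwise "Done!" after the body has been base64-decoded and
            unpickled (the unpickled object is discarded, as before).

        Raises:
            binascii.Error: the body is not valid base64.
            pickle.UnpicklingError: the pickle references a module-level name
                (or is otherwise malformed); other unpickling errors propagate
                unchanged, as they did originally.
        """
        import io

        if cls.PASSWORD in data:
            return "You are an admin!"
        payload = base64.b64decode(data)
        # The result is unused, exactly like the original: only the side
        # effects of unpickling ever mattered here, which find_class blocks.
        cls._RestrictedUnpickler(io.BytesIO(payload)).load()
        return "Done!"

    def POST(self):
        """Read the request body via web.py and delegate to ``handle``."""
        return self.handle(web.data())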
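@app.route('/backend', methods=['GET', 'POST'])
def proxy_to_backend():
    """Relay the current Flask request to the backend and return its body.

    The backend is always contacted at ``python-backend:8080`` on path ``/``;
    only the query string, method, body and most headers of the incoming
    request are copied over.  The backend's status code and response headers
    are discarded: the raw response body is returned with Flask's default
    status.

    Returns:
        The backend response body as bytes.

    Changes from the original (review):
      * The client's ``Content-Length`` / ``Transfer-Encoding`` headers are no
        longer forwarded.  They describe the client's wire body, not the body
        sent below (``request.data``, whatever Flask handed us); forwarding
        them verbatim lets the backend read a different body than this
        function sent — the classic request-smuggling setup.  http.client now
        sets one correct Content-Length for the bytes body.
      * The backend connection is closed in ``finally`` (it used to leak).

    NOTE(review): ``request.data`` is empty when Werkzeug has parsed the body
    as a form; if form posts must be relayed, use ``request.get_data()`` —
    confirm against the callers.
    """
    # Host is dropped so http.client substitutes the backend's own host name.
    skip = {"host", "content-length", "transfer-encoding"}
    headers = {key: value for (key, value) in request.headers if key.lower() not in skip}
    path = "/"
    if request.query_string:
        path += "?" + request.query_string.decode()
    conn = http.client.HTTPConnection("python-backend:8080")
    try:
        conn.request(request.method, path, body=request.data, headers=headers)
        return conn.getresponse().read()
    finally:
        conn.close()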
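@app.route('/admin', methods=['GET', 'POST'])
def admin():
    """Admin page: GET reports admin status, POST relays the body to /backdoor on the backend.

    Flow (same as the original):
      1. A ``token`` cookie is required and must pass ``verify_token``
         (defined elsewhere in this file); otherwise 302 to ``/login``.
      2. The ``isadmin`` claim is read from the token.  ``verify_signature``
         is False here on the assumption that step 1 already verified the
         signature — TODO confirm ``verify_token`` really does, because this
         decode on its own would trust an unsigned token.
      3. GET: "Welcome admin!" or "You are not an admin!".
      4. POST by an admin: the body must contain the backdoor password or
         "You are not an admin!" is returned; otherwise the body is forwarded
         to ``python-backend:8080/backdoor`` and "Done!" is returned without
         reading the backend's reply.

    Changes from the original (review):
      * The password check ran ``str in bytes`` on the non-chunked path, which
        raises TypeError (HTTP 500); it now compares bytes with bytes.
      * A request carrying ``Transfer-Encoding: chunked`` used to be re-framed
        by hand: the chunk size was taken from the *bytes* length while the
        body was sent as a *str* (http.client encodes str bodies as
        ISO-8859-1), and the client's own ``Transfer-Encoding`` /
        ``Content-Length`` headers were forwarded on top.  Those views of the
        body length can disagree, which is the classic request-smuggling
        setup.  The body is now sent as the bytes Flask already gave us, the
        framing headers are not forwarded, and http.client sets a single
        correct Content-Length.
      * A token without an ``isadmin`` claim no longer raises KeyError.
      * The backend connection is closed after use.

    Returns:
        A Flask response: a status string, or a 302 redirect to ``/login``.
    """
    token = request.cookies.get('token')
    if not token or not verify_token(token):
        return redirect("/login", code=302)

    claims = jwt.decode(token, algorithms=['HS256'], options={"verify_signature": False})
    if not claims.get('isadmin'):
        return "You are not an admin!"
    if request.method != 'POST':
        return "Welcome admin!"

    data = request.data
    if b"BackdoorPasswordOnlyForAdmin" not in data:
        return "You are not an admin!"

    # Host is dropped so the backend sees its own name; the framing headers
    # are dropped because they describe the client's body, not the one sent.
    skip = {"host", "content-length", "transfer-encoding"}
    headers = {key: value for (key, value) in request.headers if key.lower() not in skip}
    conn = http.client.HTTPConnection("python-backend:8080")
    try:
        # As in the original, the backend's answer is neither read nor relayed.
        conn.request(request.method, "/backdoor", body=data, headers=headers)
    finally:
        conn.close()
    return "Done!"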
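def get_key(kid, base_dir="/app/"):
    """Return the contents of the key file named by *kid*, or "" if unavailable.

    Args:
        kid: file name of the key.  Presumably the JWT ``kid`` header — the
            caller is not visible here, TODO confirm — and treated as
            untrusted either way.
        base_dir: directory the key files live in; defaults to the original
            hard-coded ``/app/``.  Parameterised so the lookup is testable.

    Returns:
        The file's text, or "" when the file is missing or unreadable, when
        *kid* is not a usable path, or when it resolves outside *base_dir*.

    Security notes (review):
      * The original opened ``"/app/" + kid`` unchecked, so a *kid* such as
        ``../etc/passwd`` read any world-readable file.  The resolved path
        must now stay inside *base_dir* (symlinks are followed before the
        check, so a link pointing outside is rejected too).
      * The original ``print``ed the key on every call; key material does not
        belong on stdout/logs, so that is gone.
      * "" is still returned on every failure, as before.  An empty string is
        a well-known weak-key pitfall for HMAC JWTs; the caller must treat ""
        as "no key", not as a key — TODO confirm ``verify_token`` does.
    """
    import os

    key = ""
    try:
        root = os.path.realpath(base_dir)
        target = os.path.realpath(os.path.join(root, kid))
        # realpath collapses ".." and links, so any traversal shows up as a
        # path that does not sit under the key directory.
        if os.path.commonpath([root, target]) != root:
            return key
        with open(target, "r") as f:
            key = f.read()
    except (OSError, TypeError, ValueError):
        # Missing/unreadable file, a non-string kid, or an embedded NUL:
        # this is a best-effort lookup, so fall through to "".
        pass
    return key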
class index:
    """Root handler of the web.py backend."""

    # Static reply; the request is never inspected.
    _BANNER = "welcome to the backend!"

    def GET(self):
        """Respond to GET / with the banner string."""
        return self._BANNER
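class backdoor:
    """web.py handler for POST /backdoor.

    SECURITY (review): a deliberate backdoor.  Any body containing the
    hard-coded password ``BackdoorPasswordOnlyForAdmin`` is answered with
    "You are an admin!"; every other body used to be base64-decoded and fed
    to ``pickle.loads``, which lets the sender execute arbitrary code.

    The pickle path now uses an ``Unpickler`` subclass that refuses every
    global lookup, so the pickle cannot reference a callable to invoke.  That
    closes the code-execution hole but unpickling untrusted bytes remains
    unwise; the endpoint should really be removed or switched to JSON.
    """

    PASSWORD = b"BackdoorPasswordOnlyForAdmin"

    class _NoGlobalsUnpickler(pickle.Unpickler):
        """Unpickler whose find_class always fails, blocking GLOBAL-style opcodes."""

        def find_class(self, module, name):
            raise pickle.UnpicklingError(
                "global '%s.%s' is forbidden" % (module, name)
            )

    @classmethod
    def respond(cls, body):
        """Compute the reply for a raw request body.

        Args:
            body: raw POST bytes as returned by ``web.data()``.

        Returns:
            "You are an admin!" if the password occurs in *body*, otherwise
            "Done!" after decoding and (restrictedly) unpickling it; the
            unpickled value is thrown away, as in the original.

        Raises:
            binascii.Error: *body* is not valid base64.
            pickle.UnpicklingError: the pickle names a global, or is
                malformed; other unpickling errors propagate as before.
        """
        import io

        if cls.PASSWORD in body:
            return "You are an admin!"
        raw = base64.b64decode(body)
        cls._NoGlobalsUnpickler(io.BytesIO(raw)).load()
        return "Done!"

    def POST(self):
        """web.py entry point: read the body and answer via ``respond``."""
        return self.respond(web.data())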
if __name__ == "__main__":
    # Build the web.py-style application from the module's URL map and the
    # handler classes; ``urls`` and ``Myapplication`` are defined elsewhere
    # in the file.
    app = Myapplication(urls, globals())
    # NOTE(review): this listens on 8888 while the proxy routes on this page
    # connect to python-backend:8080 — presumably a container port mapping;
    # confirm, or the backend is unreachable.
    app.run(port=8888)