CSRF-Samesite challenge and write-up (#45)
* SQL blind implemented * JWT-null implemented * JWT-Null Git Book * Sync * Sync * Fix summary * Fix summary * SQL-Like, JWT fix * SQL-Like md fix * SQLi Blind + other fixes * SQL-blind fix * Formula Injection * Formula Injection * sync * CSRF-Samesite challenge and write-up * CSRF-SameSite write-up fix
1 parent
7d2d17e
commit a371189
Showing
59 changed files
with
15,604 additions
and
9 deletions.
@@ -0,0 +1,88 @@ | ||
from models.sqlimodel import * | ||
from flask import Flask, request, url_for, render_template, redirect, make_response, request, session | ||
|
||
|
||
app = Flask(__name__, static_url_path='/static', static_folder='static') | ||
|
||
app.config['DEBUG'] = True | ||
|
||
app.config.update(dict( | ||
SECRET_KEY= "woopie", | ||
SESSION_COOKIE_HTTPONLY = True | ||
)) | ||
# Load default config and override config from an environment variable | ||
# You can also replace password with static password: PASSWORD='pass!@#example' | ||
|
||
|
||
|
||
@app.route("/") | ||
def start(): | ||
return render_template("index.html") | ||
|
||
@app.route("/login_insecure", methods=['GET', 'POST']) | ||
def login_insecure(): | ||
sqli = Classes() | ||
values = sqli.getUser(request.form['username']) | ||
if values: | ||
if values[0][2] == request.form['password']: | ||
session['userId'] = values[0][0] | ||
session['loggedin'] = True | ||
pref = sqli.getColor(values[0][0]) | ||
color = pref[0][0] | ||
return render_template("loggedin.html", color = color) | ||
return render_template("index.html") | ||
|
||
@app.route("/login_strict", methods=['GET', 'POST']) | ||
def login_strict(): | ||
app.config.update(dict( | ||
SESSION_COOKIE_SAMESITE = 'Strict' | ||
)) | ||
sqli = Classes() | ||
values = sqli.getUser(request.form['username']) | ||
if values: | ||
if values[0][2] == request.form['password']: | ||
session['userId'] = values[0][0] | ||
session['loggedin'] = True | ||
pref = sqli.getColor(values[0][0]) | ||
color = pref[0][0] | ||
return render_template("loggedin.html", color = color) | ||
return render_template("index.html") | ||
|
||
@app.route("/login_lax", methods=['GET', 'POST']) | ||
def login_lax(): | ||
app.config.update(dict( | ||
SESSION_COOKIE_SAMESITE = 'Lax' | ||
)) | ||
sqli = Classes() | ||
values = sqli.getUser(request.form['username']) | ||
if values: | ||
if values[0][2] == request.form['password']: | ||
session['userId'] = values[0][0] | ||
session['loggedin'] = True | ||
pref = sqli.getColor(values[0][0]) | ||
color = pref[0][0] | ||
return render_template("loggedin.html", color = color) | ||
return render_template("index.html") | ||
|
||
@app.route("/update", methods=['POST', 'GET']) | ||
def update(): | ||
if not session.get('loggedin'): | ||
return render_template('index.html') | ||
sqli = Classes() | ||
|
||
if request.method == "POST": | ||
sqli.updateColor(request.form['color'], session.get('userId')) | ||
|
||
if request.method == "GET" and (request.args.get('color') is not None): | ||
sqli.updateColor(request.args['color'], session.get('userId')) | ||
|
||
pref = sqli.getColor(session.get('userId')) | ||
color = pref[0][0] | ||
return render_template("loggedin.html", color = color) | ||
|
||
@app.errorhandler(404) | ||
def page_not_found(e): | ||
return render_template("404.html") | ||
|
||
if __name__ == "__main__": | ||
app.run(host='0.0.0.0') |
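Review bot: The `app.config.update(dict(SESSION_COOKIE_SAMESITE = 'Strict'))` call in `login_strict` and its `'Lax'` twin in `login_lax` mutate process-wide configuration inside a request handler and never reset it, so whichever of those two routes was hit last decides the SameSite attribute of every session cookie issued afterwards, including by `login_insecure`; the three variants therefore stop being independent challenges as soon as more than one has been used. If they are meant to be compared side by side, the attribute has to be applied per response (set the session cookie explicitly on a `make_response` result in that route) or each variant served by its own app instance. A plain GET to the login routes, which `methods=['GET', 'POST']` allows, reads `request.form['username']` and so fails with a 400 instead of showing the form; a guard such as `if request.method != 'POST': return render_template("index.html")` keeps the challenge pages reachable. `app.config['DEBUG'] = True` together with `app.run(host='0.0.0.0')` also exposes the Werkzeug interactive debugger on every interface of the container, which the CSRF challenge does not need. `request` is imported twice on the second line.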
Binary file not shown.
@@ -0,0 +1,12 @@ | ||
FROM alpine:3.7 | ||
MAINTAINER Glenn ten Cate <glenn.ten.cate@owasp.org> | ||
RUN apk update --no-cache && apk add python3 \ | ||
python3-dev \ | ||
py3-pip \ | ||
git \ | ||
bash | ||
|
||
RUN git clone https://github.com/blabla1337/skf-labs.git | ||
WORKDIR /skf-labs/CSRF-Samesite | ||
RUN pip3 install -r requirements.txt | ||
CMD [ "python3", "./CSRF-Samesite.py" ] |
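Review bot: `RUN git clone https://github.com/blabla1337/skf-labs.git` fetches whatever the default branch holds at build time, so the image is not reproducible and silently absorbs any later change to the repository; pin the checkout (`RUN git clone https://github.com/blabla1337/skf-labs.git && cd skf-labs && git checkout <COMMIT-PLACEHOLDER>`) or `COPY` the lab directory from the build context instead, which also removes the need for `git` in the image. `MAINTAINER` is deprecated in favour of `LABEL maintainer="glenn.ten.cate@owasp.org"`. The Flask app is started as root; adding an unprivileged user before `CMD` limits what a successful exploit of the deliberately vulnerable app can do inside the container.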
@@ -0,0 +1,3 @@ | ||
#!/usr/bin/python | ||
|
||
from core import * |
Binary file not shown.
0
SQLI/Database.db → CSRF-SameSite/config/__init__.py
100644 → 100755
File renamed without changes.
@@ -0,0 +1,23 @@ | ||
#!/usr/bin/python | ||
# -*- coding: utf-8 -*- | ||
|
||
import sqlite3 as lite | ||
import sys | ||
|
||
con = lite.connect('Database.db') | ||
|
||
with con: | ||
|
||
cur = con.cursor() | ||
|
||
#Create data for the user table | ||
cur.execute("CREATE TABLE users(UserId INT, UserName TEXT, Password TEXT)") | ||
cur.execute("INSERT INTO users VALUES(1,'admin','admin')") | ||
|
||
|
||
#Create some data for pageinformation | ||
cur.execute("CREATE TABLE prefs(PreferenceId INT, Color TEXT, UserId)") | ||
cur.execute("INSERT INTO prefs VALUES(1,'RED', 1)") | ||
|
||
con.commit() | ||
#con.close() |
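Review bot: `con.commit()` inside `with con:` is redundant, because the sqlite3 connection context manager commits on a clean exit, but that context manager does not close the connection, so the commented-out `#con.close()` is the call that actually matters and should be restored as `con.close()` after the `with` block. `import sys` is unused. `UserId` in the `prefs` table is declared without a type while `users.UserId` is `INT`; SQLite accepts this, but declaring it `UserId INT` keeps the two columns consistent and makes the join key explicit.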
@@ -0,0 +1,6 @@ | ||
import sqlite3 | ||
|
||
def database_con(): | ||
with sqlite3.connect("Database.db") as con: | ||
cur = con.cursor() | ||
return con |
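Review bot: `database_con` returns the connection obtained from `with sqlite3.connect("Database.db") as con:`, and since that context manager only commits or rolls back on exit and never closes, the caller receives an open connection it is then responsible for closing; the rendered page does not show whether `return con` sits inside or after the `with`, but the outcome is the same either way. None of the callers in this commit close it, so every database access leaks a connection. Either reduce the helper to `return sqlite3.connect("Database.db")` and close at the call site with `with contextlib.closing(database_con()) as db:`, or turn it into a `@contextlib.contextmanager` that closes in a `finally`. `cur` is assigned and never used.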
@@ -0,0 +1,16 @@ | ||
from flask import Flask, request, url_for, render_template, redirect, make_response | ||
import requests | ||
|
||
|
||
app = Flask(__name__, static_url_path='/static', static_folder='static') | ||
|
||
app.config['DEBUG'] = True | ||
|
||
@app.route("/") | ||
def start(): | ||
return render_template("evil.html") | ||
|
||
if __name__ == "__main__": | ||
app.run(host='0.0.0.0', port=1337) | ||
|
||
|
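Review bot: `import requests` is unused in this file, as are `url_for`, `redirect` and `make_response` from the Flask import; dropping `requests` would also let `requests==2.19.1` be removed from the requirements if nothing else imports it (not visible here). The app runs with `app.config['DEBUG'] = True` on `0.0.0.0:1337`, which enables the Werkzeug reloader and interactive debugger on every interface; serving the static `evil.html` page does not need it, and a debugger console reachable from the network is an avoidable risk in the lab container.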
Empty file.
@@ -0,0 +1,23 @@ | ||
from config.sqlite import * | ||
|
||
class Classes: | ||
|
||
def getUser(self, username): | ||
db = database_con() | ||
cur = db.execute('SELECT UserId, Username, Password FROM users WHERE Username= ?', | ||
[username]) | ||
return cur.fetchall() | ||
|
||
def getColor(self, userId): | ||
db = database_con() | ||
cur = db.execute('SELECT Color FROM prefs WHERE UserId=?', | ||
[userId]) | ||
return cur.fetchall() | ||
|
||
def updateColor(self, color, userId): | ||
db = database_con() | ||
cur = db.execute('UPDATE prefs SET Color=? WHERE UserId=?', | ||
[color, userId]) | ||
db.commit() | ||
return cur.fetchall() | ||
|
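Review bot: `updateColor` returns `cur.fetchall()` after an `UPDATE`, which is always an empty list; if callers need feedback, `cur.rowcount` is the value that says whether a row was changed, otherwise the method should return nothing. Each method takes a fresh connection from `database_con()` and never closes it, so connections accumulate with every request; wrapping each body in `with contextlib.closing(database_con()) as db:` (keeping `db.commit()` in `updateColor`) fixes that without changing the interface. The parameterised queries are the right choice for the `username`, `color` and `userId` values that arrive from the request.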
@@ -0,0 +1,4 @@ | ||
Flask==1.0.0 | ||
flask-cors==3.0.7 | ||
requests==2.19.1 | ||
Werkzeug==0.14.1 |