/loginme.js
Secret
Created Apr 2, 2018
| var express = require('express') | |
| var app = express() | |
| var bodyParser = require('body-parser') | |
| app.use(bodyParser.urlencoded({})); | |
| var path = require("path"); | |
| var moment = require('moment'); | |
| var MongoClient = require('mongodb').MongoClient; | |
| var url = "mongodb://localhost:27017/"; | |
| MongoClient.connect(url, function(err, db) { | |
| if (err) throw err; | |
| dbo = db.db("test_db"); | |
| var collection_name = "users"; | |
| var password_column = "password_"+Math.random().toString(36).slice(2) | |
| var password = "XXXXXXXXXXXXXXXXXXXXXX"; | |
| // flag is flag{password} | |
| var myobj = { "username": "admin", "last_access": moment().format('YYYY-MM-DD HH:mm:ss Z')}; | |
| myobj[password_column] = password; | |
| dbo.collection(collection_name).remove({}); | |
| dbo.collection(collection_name).update( | |
| { name: myobj.name }, | |
| myobj, | |
| { upsert: true } | |
| ); | |
| app.get('/', function (req, res) { | |
| res.sendFile(path.join(__dirname,'index.html')); | |
| }) | |
| app.post('/check', function (req, res) { | |
| var check_function = 'if(this.username == #username# && #username# == "admin" && hex_md5(#password#) == this.'+password_column+'){\nreturn 1;\n}else{\nreturn 0;}'; | |
| for(var k in req.body){ | |
| var valid = ['#','(',')'].every((x)=>{return req.body[k].indexOf(x) == -1}); | |
| if(!valid) res.send('Nope'); | |
| check_function = check_function.replace( | |
| new RegExp('#'+k+'#','gm') | |
| ,JSON.stringify(req.body[k])) | |
| } | |
| var query = {"$where" : check_function}; | |
| var newvalue = {$set : {last_access: moment().format('YYYY-MM-DD HH:mm:ss Z')}} | |
| dbo.collection(collection_name).updateOne(query,newvalue,function (e,r){ | |
| if(e) throw e; | |
| res.send('ok'); | |
| // ... implementing, plz dont release this. | |
| }); | |
| }) | |
| app.listen(8081) | |
| }); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment