var express = require('express') | |
var app = express() | |
var bodyParser = require('body-parser') | |
app.use(bodyParser.urlencoded({})); | |
var path = require("path"); | |
var moment = require('moment'); | |
var MongoClient = require('mongodb').MongoClient; | |
var url = "mongodb://localhost:27017/"; | |
MongoClient.connect(url, function(err, db) { | |
if (err) throw err; | |
dbo = db.db("test_db"); | |
var collection_name = "users"; | |
var password_column = "password_"+Math.random().toString(36).slice(2) | |
var password = "XXXXXXXXXXXXXXXXXXXXXX"; | |
// flag is flag{password} | |
var myobj = { "username": "admin", "last_access": moment().format('YYYY-MM-DD HH:mm:ss Z')}; | |
myobj[password_column] = password; | |
dbo.collection(collection_name).remove({}); | |
dbo.collection(collection_name).update( | |
{ name: myobj.name }, | |
myobj, | |
{ upsert: true } | |
); | |
app.get('/', function (req, res) { | |
res.sendFile(path.join(__dirname,'index.html')); | |
}) | |
app.post('/check', function (req, res) { | |
var check_function = 'if(this.username == #username# && #username# == "admin" && hex_md5(#password#) == this.'+password_column+'){\nreturn 1;\n}else{\nreturn 0;}'; | |
for(var k in req.body){ | |
var valid = ['#','(',')'].every((x)=>{return req.body[k].indexOf(x) == -1}); | |
if(!valid) res.send('Nope'); | |
check_function = check_function.replace( | |
new RegExp('#'+k+'#','gm') | |
,JSON.stringify(req.body[k])) | |
} | |
var query = {"$where" : check_function}; | |
var newvalue = {$set : {last_access: moment().format('YYYY-MM-DD HH:mm:ss Z')}} | |
dbo.collection(collection_name).updateOne(query,newvalue,function (e,r){ | |
if(e) throw e; | |
res.send('ok'); | |
// ... implementing, plz dont release this. | |
}); | |
}) | |
app.listen(8081) | |
}); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment