Created
February 24, 2021 18:52
whitelist.py - Extremely insecure tool to allow users to add themselves to the minecraft whitelist
#!/usr/bin/env python3 | |
import hmac
import json
import re

import requests
from flask import Flask, request
# WSGI application object; the @app.route decorators in this file register
# their handlers on it and app.run() serves it.
app = Flask(__name__)
@app.route('/')
def hello_world():
    """Answer requests for the index route with a fixed brush-off string."""
    reply = 'get out'
    return reply
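@app.route('/add', methods=['POST'])
def add():
    """Append a Minecraft account to whitelist.json for an authorised caller.

    Expects a POST form with two fields:
      * ``secret`` - must equal the stripped contents of add_secret.txt
      * ``user``   - the Minecraft account name to whitelist

    The profile is fetched from api.mojang.com and the returned JSON object
    is appended to whitelist.json.

    Returns "ok" on success, or a ``(message, status)`` tuple when the
    secret is wrong, the name is malformed, the account is already listed,
    or the profile lookup does not yield a usable record.
    """
    with open('add_secret.txt', 'r') as f:
        add_secret = f.read().strip()

    # Refuse outright when the secret file is empty: an empty secret would
    # otherwise match an empty form field and authorise every caller.
    # compare_digest keeps the comparison time independent of how many
    # leading characters of the guess are correct.
    supplied = request.form.get('secret', '')
    if not add_secret or not hmac.compare_digest(
            supplied.encode('utf-8'), add_secret.encode('utf-8')):
        return ('you are not cool enough to do this', 400)

    # The name is concatenated into the lookup URL and echoed to the log,
    # so restrict it to the characters a Minecraft name can contain before
    # it is used anywhere. fullmatch() also rejects a trailing newline.
    user = request.form.get('user', '')
    if not re.fullmatch(r'[A-Za-z0-9_]{1,16}', user):
        return ('that is not a valid minecraft name', 400)
    print("Adding", user)

    with open('whitelist.json', 'r') as f:
        whitelist = json.loads(f.read())
    print("Whitelist entries loaded:", len(whitelist))

    # Compare case-insensitively so "notch" is not added next to "Notch".
    # .get() tolerates an entry without a 'name' key instead of raising.
    wanted = user.lower()
    if any(str(entry.get('name', '')).lower() == wanted for entry in whitelist):
        return ("It was already in there", 400)

    # A hung upstream must not pin the worker (timeout), and an error or
    # empty response must never be written into the whitelist: an entry
    # without 'name' would break the duplicate check on later requests.
    try:
        response = requests.get(
            "https://api.mojang.com/users/profiles/minecraft/" + user,
            timeout=10,
        )
        user_blob = response.json() if response.status_code == 200 else None
    except (requests.RequestException, ValueError):
        user_blob = None
    print("User blob:", user_blob)
    if not isinstance(user_blob, dict) or not user_blob.get('name'):
        return ('could not look that user up', 400)

    # NOTE(review): the profile object is stored as returned by the API;
    # confirm its key names match what the game server expects in this file.
    whitelist.append(user_blob)
    with open('whitelist.json', 'w') as f:
        f.write(json.dumps(whitelist))
    print("Whitelist entries written to file:", len(whitelist))
    return ("ok")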
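if __name__ == '__main__':
    # Start the server only when run as a script, so importing this module
    # (for tests or from a WSGI server) does not block inside app.run().
    # NOTE(review): host='0.0.0.0' listens on every interface and no TLS is
    # configured here, so the /add secret is sent in cleartext; consider a
    # TLS-terminating reverse proxy or a firewall rule in front of this port.
    app.run(host='0.0.0.0', port=42069, debug=False)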