kzar/sitekey-recursive-bug.py

## sitekey-recursive-bug.py
import base64
import M2Crypto

from flask import Flask, request, make_response

app = Flask(__name__)
private_key = """-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBANGtTstne7e8MbmDHDiMFkGbcuBgXmiVesGOG3gtYeM1EkrzVhBj
GUvKXYE4GLFwqty3v5MuWWbvItUWBTYoVVsCAwEAAQJAMzI/5QZ1fN1kvsk2oNAD
ty0/lW2yX5LwEEakiml6V0Fy7L94It/J6xesrPqn6jWJvfZtQz6+bEE/zAPevNo2
MQIhAO9N7PjhIM4kaXfR60dhnY8ZB+kGGv6lywSGC8xgyvhvAiEA4E45co1spMKx
kBXDD3+KGCgmz8XusUFzRpJNBIIo79UCICHZTemuPmuqLtjp8nO4VQcGrV3CpVLb
tKnBJC4Wit81AiEAvCZBn+orUMUTZnYqqcxkzMCZVb2E6+CnznGX8wkvR4UCIQCT
CWehIJKQc+gsrnAp6SYctjxtK8VjKdtruhCE5C7Ukw==
-----END RSA PRIVATE KEY-----"""

@app.route("/")
def root_handler():
  key = M2Crypto.EVP.load_key_string(private_key)
  key.sign_init()
  key.sign_update("\0".join((str(request.path), str(request.host),
                             str(request.user_agent))))
  public_key = base64.b64encode(key.as_der())
  signature = base64.b64encode(key.final())

  adblockkey = "%s_%s" % (public_key, signature)
  exception_filter = "@@$sitekey=" + public_key.rstrip("=")

  print (request.path, request.host, request.headers["User-Agent"], adblockkey)

  response = make_response("""
  <html data-adblockkey="%s">
  <body>
    <p>ads</p>
    <p>%s</p>
    <iframe src="/frame" style="width:100%%; height:200px"></iframe>
    <img src="http://static.kzar.co.uk/genericblockhide-test/neverhide.png?ads=" />
  </body>
  </html>""" % (adblockkey, exception_filter), 200)
  response.headers["X-Adblock-Key"] = adblockkey
  return response

@app.route("/frame")
def frame_handler():
  return """
<html>
  <body>
    <img src="http://static.kzar.co.uk/genericblockhide-test/generichide.jpg?ads=" />
  </body>
</html"""

if __name__ == "__main__":
  app.run(debug=True)
	import base64
	import M2Crypto

	from flask import Flask, request, make_response

	app = Flask(__name__)
	private_key = """-----BEGIN RSA PRIVATE KEY-----
	MIIBOwIBAAJBANGtTstne7e8MbmDHDiMFkGbcuBgXmiVesGOG3gtYeM1EkrzVhBj
	GUvKXYE4GLFwqty3v5MuWWbvItUWBTYoVVsCAwEAAQJAMzI/5QZ1fN1kvsk2oNAD
	ty0/lW2yX5LwEEakiml6V0Fy7L94It/J6xesrPqn6jWJvfZtQz6+bEE/zAPevNo2
	MQIhAO9N7PjhIM4kaXfR60dhnY8ZB+kGGv6lywSGC8xgyvhvAiEA4E45co1spMKx
	kBXDD3+KGCgmz8XusUFzRpJNBIIo79UCICHZTemuPmuqLtjp8nO4VQcGrV3CpVLb
	tKnBJC4Wit81AiEAvCZBn+orUMUTZnYqqcxkzMCZVb2E6+CnznGX8wkvR4UCIQCT
	CWehIJKQc+gsrnAp6SYctjxtK8VjKdtruhCE5C7Ukw==
	-----END RSA PRIVATE KEY-----"""

	@app.route("/")
	def root_handler():
	key = M2Crypto.EVP.load_key_string(private_key)
	key.sign_init()
	key.sign_update("\0".join((str(request.path), str(request.host),
	str(request.user_agent))))
	public_key = base64.b64encode(key.as_der())
	signature = base64.b64encode(key.final())

	adblockkey = "%s_%s" % (public_key, signature)
	exception_filter = "@@$sitekey=" + public_key.rstrip("=")

	print (request.path, request.host, request.headers["User-Agent"], adblockkey)

	response = make_response("""
	<html data-adblockkey="%s">
	<body>
	<p>ads</p>
	<p>%s</p>
	<iframe src="/frame" style="width:100%%; height:200px"></iframe>
	<img src="http://static.kzar.co.uk/genericblockhide-test/neverhide.png?ads=" />
	</body>
	</html>""" % (adblockkey, exception_filter), 200)
	response.headers["X-Adblock-Key"] = adblockkey
	return response

	@app.route("/frame")
	def frame_handler():
	return """
	<html>
	<body>
	<img src="http://static.kzar.co.uk/genericblockhide-test/generichide.jpg?ads=" />
	</body>
	</html"""

	if __name__ == "__main__":
	app.run(debug=True)