import cgi  # cgi.escape was removed in Python 3.8 and the cgi module in 3.13; html.escape is the replacement
import html
import os
import re
import secrets

from flask import *
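app = Flask(__name__)
# Flask signs the session cookie with this key, so a literal committed to the
# repository lets anyone who has read the source forge a valid session.
# Read it from the XSS_GAME_SECRET_KEY environment variable instead; when that
# is unset, generate a random key for this process (existing sessions then
# stop validating after a restart).
app.secret_key = os.environ.get("XSS_GAME_SECRET_KEY") or secrets.token_hex(32)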
@app.route("/reset", methods=["GET"])
def reset():
    """Clear the player's session, then redirect to the home page."""
    session.clear()
    home_url = url_for("home")
    return redirect(home_url)
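@app.route("/", methods=["GET", "POST"])
def home():
    """Show the player-name form and start a session when a name is posted.

    A POST carrying a non-empty ``login`` field stores it as ``session["user"]``,
    marks the session permanent and redirects to the EASY level. The level
    pages redirect back here while the session is empty, so a name is required
    before they can be used.

    Returns:
        A redirect to ``easy`` after a successful submit, otherwise the HTML
        of the home page with the name form.
    """
    if request.method == "POST":
        login = request.form.get("login")
        if login:
            session["user"] = login
            session.modified = True
            session.permanent = True
            return redirect(url_for("easy"))

    # Reached on GET and on a POST whose "login" field is missing or empty
    # (the form's `required` attribute is only enforced by the browser), so
    # every request path ends in a response rather than None.
    return """
<h1>XSS GAME:</h1>
<a href="/">home</a><br><a href="/easy">easy</a><br><a href="/medium">medium</a><br><a href="/hard">hard</a><br><a href="/impossible">impossible</a><br><a href="/reset">reset</a>
<h2>Home</h2>
<br><br><form action="" method="post">
<b>Player's name:</b><input type="text" placeholder="Enter Your Name..." name="login" required>
<br><button type="submit">submit</button>
</form>"""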
@app.route("/easy", methods=["GET"])
def easy():
    """Serve the EASY level, which echoes the ``u`` query parameter as-is.

    No filtering or output encoding is applied to ``u`` before it is placed in
    the page; that unescaped reflection is the XSS sink this level is built to
    demonstrate. Requests without a session are redirected to the home page.
    """
    if not session:
        return redirect(url_for("home"))

    message = request.args.get("u")
    # Deliberately unescaped: this concatenation is the vulnerable sink.
    echoed = ("<b>Your input:</b><br><br>" + message) if message else ""
    page = """
<h1>XSS GAME:</h1>
<a href="/">home</a><br><a href="/easy">easy</a><br><a href="/medium">medium</a><br><a href="/hard">hard</a><br><a href="/impossible">impossible</a><br><a href="/reset">reset</a>
<h2>level EASY</h2>
{}
<br><br><form action="easy" method="get">
<b>message to display:</b><input type="text" placeholder="Enter Your Message..." name="u" required>
<br><button type="submit">submit</button>
</form>""".format(echoed)

    response = make_response(page)
    # set_cookie is called without httponly/secure/samesite arguments, so these
    # cookies are readable from page script -- presumably intended for the game.
    response.set_cookie("level", "easy")
    response.set_cookie("username", session["user"])
    return response
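@app.route("/medium", methods=["GET"])
def medium():
    """Serve the MEDIUM level, which escapes ``u`` only when it holds ``<script>``.

    The check is a blocklist: the input is HTML-escaped only if one of its
    ``<...>`` tokens is exactly ``<script>``. Any other input is reflected
    unescaped, which is the weakness this level is built around. The robust
    fix is unconditional output encoding, as done by ``impossible``.
    Requests without a session are redirected to the home page.
    """
    if not session:
        return redirect(url_for("home"))

    u = request.args.get("u")
    if u:
        if "<script>" in re.findall(r"<[^>]+>", u):
            # html.escape replaces cgi.escape, which no longer exists on
            # Python 3.8+ and made this branch fail with AttributeError.
            # With quote=True it also encodes the single quote.
            u = html.escape(u, quote=True)
        msg = "<b>Your input:</b><br><br>" + u
    else:
        msg = ""

    resp = make_response(
        """
<h1>XSS GAME:</h1>
<a href="/">home</a><br><a href="/easy">easy</a><br><a href="/medium">medium</a><br><a href="/hard">hard</a><br><a href="/impossible">impossible</a><br><a href="/reset">reset</a>
<h2>level MEDIUM</h2>
{}
<br><br><form action="medium" method="get">
<b>message to display:</b><input type="text" placeholder="Enter Your Message..." name="u" required>
<br><button type="submit">submit</button>
</form>""".format(
            msg
        )
    )
    # Cookies are set without httponly/secure/samesite arguments.
    resp.set_cookie("level", "medium")
    resp.set_cookie("username", session["user"])
    return resp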
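@app.route("/hard", methods=["GET"])
def hard():
    """Serve the HARD level, which escapes ``u`` when it matches a script pattern.

    The lower-cased input is searched for the pattern ``<*?script.*?>``; on a
    match the whole input is HTML-escaped. Input that does not match is still
    reflected unescaped, so this remains a blocklist and not a fix. The robust
    approach is unconditional output encoding, as done by ``impossible``.
    Requests without a session are redirected to the home page.
    """
    if not session:
        return redirect(url_for("home"))

    u = request.args.get("u")
    if u:
        # re.search gives the same yes/no answer as the original findall
        # without building the list of matches.
        if re.search(r"<*?script.*?>", u.lower()):
            # html.escape replaces cgi.escape, which no longer exists on
            # Python 3.8+ and made this branch fail with AttributeError.
            u = html.escape(u, quote=True)
        msg = "<b>Your input:</b><br><br>" + u
    else:
        msg = ""

    resp = make_response(
        """
<h1>XSS GAME:</h1>
<a href="/">home</a><br><a href="/easy">easy</a><br><a href="/medium">medium</a><br><a href="/hard">hard</a><br><a href="/impossible">impossible</a><br><a href="/reset">reset</a>
<h2>level HARD</h2>
{}
<br><br><form action="hard" method="get">
<b>message to display:</b><input type="text" placeholder="Enter Your Message..." name="u" required>
<br><button type="submit">submit</button>
</form>""".format(
            msg
        )
    )
    # Cookies are set without httponly/secure/samesite arguments.
    resp.set_cookie("level", "hard")
    resp.set_cookie("username", session["user"])
    return resp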
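@app.route("/impossible", methods=["GET"])
def impossible():
    """Serve the IMPOSSIBLE level, the reference fix: ``u`` is always escaped.

    Every submitted value is HTML-escaped before it is placed in the page,
    with no condition on its content, so the browser renders it as text. This
    is the pattern the other levels are meant to be compared against.
    Requests without a session are redirected to the home page.
    """
    if not session:
        return redirect(url_for("home"))

    u = request.args.get("u")
    if u:
        # html.escape replaces cgi.escape, which no longer exists on
        # Python 3.8+; without it this "fixed" level failed on every
        # submission. quote=True encodes both quote characters as well as
        # &, < and >.
        u = html.escape(u, quote=True)
        msg = "<b>Your input:</b><br><br>" + u
    else:
        msg = ""

    resp = make_response(
        """
<h1>XSS GAME:</h1>
<a href="/">home</a><br><a href="/easy">easy</a><br><a href="/medium">medium</a><br><a href="/hard">hard</a><br><a href="/impossible">impossible</a><br><a href="/reset">reset</a>
<h2>level IMPOSSIBLE</h2>
{}
<br><br><form action="impossible" method="get">
<b>message to display:</b><input type="text" placeholder="Enter Your Message..." name="u" required>
<br><button type="submit">submit</button>
</form>""".format(
            msg
        )
    )
    # Cookies are set without httponly/secure/samesite arguments.
    resp.set_cookie("level", "impossible")
    resp.set_cookie("username", session["user"])
    return resp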
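if __name__ == "__main__":
    # Start the development server only when the file is run as a script, so
    # importing the module (tests, a WSGI server) does not block in app.run().
    #
    # debug=True enables Werkzeug's interactive debugger, which lets a browser
    # client execute Python in the server process. Together with
    # host="0.0.0.0" that console would be reachable from other machines, so
    # the debugger is switched off here. The game itself is deliberately
    # vulnerable and belongs on an isolated lab network only.
    app.run(host="0.0.0.0", debug=False, threaded=True, port=8888)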