forked from jphetphoumy/traefik-CVE-2024-45410-poc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbackend.py
41 lines (31 loc) · 1.15 KB
/
backend.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
from flask import Flask, request, render_template, abort, flash, redirect, url_for
app = Flask(__name__)
app.secret_key = 'supersecretkey'
ALLOWED_HOST = "127.0.0.1"
FLAG = "CTF{h0p-by-h0p-tr43f!k}"
@app.route('/', methods=['GET', 'POST'])
def index():
if request.method == 'POST':
submitted_flag = request.form.get('flag', '')
if submitted_flag == FLAG:
flash("Congratulations! You've successfully redeemed the coupon.", "success")
else:
flash("Invalid coupon code. Please try again.", "danger")
return render_template('index.html')
@app.route('/about')
def about():
return render_template('about.html')
@app.route('/services')
def services():
return render_template('services.html')
@app.route('/contact')
def contact():
return render_template('contact.html')
@app.route('/admin')
def admin():
x_forwarded_host = request.headers.get('X-Forwarded-Host', '')
if x_forwarded_host != ALLOWED_HOST:
abort(403, description="Forbidden: Invalid X-Forwarded-Host")
return render_template('admin.html', flag=FLAG)
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8000)