Skip to content

Commit 8de0252

Browse files
tanaydintanaydin
committed
Fixed DEBUG variable effects in the vulnerable server code.
1 parent 2ffaaca commit 8de0252

File tree

2 files changed

+24
-4
lines changed

2 files changed

+24
-4
lines changed

data/txt/sha256sums.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -157,7 +157,7 @@ ca86d61d3349ed2d94a6b164d4648cff9701199b5e32378c3f40fca0f517b128 extra/shutils/
157157
df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/recloak.sh
158158
1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f extra/shutils/strip.sh
159159
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/vulnserver/__init__.py
160-
eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserver/vulnserver.py
160+
486d94bdd9603ef157e2b6c409df9099ff9219782e4bf76770bca5d01ed8d537 extra/vulnserver/vulnserver.py
161161
96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c lib/controller/action.py
162162
fad6640f60eac8ad1b65895cbccc39154864843a2a0b0f2ac596d3227edcd4f6 lib/controller/checks.py
163163
34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6 lib/controller/controller.py

extra/vulnserver/vulnserver.py

Lines changed: 23 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111

1212
import base64
1313
import json
14+
import os
1415
import re
1516
import sqlite3
1617
import sys
@@ -19,7 +20,7 @@
1920

2021
PY3 = sys.version_info >= (3, 0)
2122
UNICODE_ENCODING = "utf-8"
22-
DEBUG = False
23+
DEBUG = os.getenv('VULN_SERVER_DEBUG', '').lower() in ('true', '1', 'yes', 'on')
2324

2425
if PY3:
2526
from http.client import INTERNAL_SERVER_ERROR
@@ -82,12 +83,17 @@ def _(*args, **kwargs):
8283

8384
print = _
8485

86+
def debug_print(msg):
87+
if DEBUG:
88+
print("[DEBUG] %s" % msg)
89+
8590
class ThreadingServer(ThreadingMixIn, HTTPServer):
8691
def finish_request(self, *args, **kwargs):
8792
try:
8893
HTTPServer.finish_request(self, *args, **kwargs)
8994
except Exception:
9095
if DEBUG:
96+
debug_print("Error in finish_request:")
9197
traceback.print_exc()
9298

9399
class ReqHandler(BaseHTTPRequestHandler):
@@ -144,19 +150,26 @@ def do_REQUEST(self):
144150
try:
145151
if self.params.get("echo", ""):
146152
output += "%s<br>" % self.params["echo"]
153+
debug_print("Echo parameter: %s" % self.params["echo"])
147154

148155
if self.params.get("reflect", ""):
149156
output += "%s<br>" % self.params.get("id")
157+
debug_print("Reflect parameter: %s" % self.params.get("id"))
150158

151159
with _lock:
152160
if "query" in self.params:
161+
debug_print("Executing query: %s" % self.params["query"])
153162
_cursor.execute(self.params["query"])
154163
elif "id" in self.params:
155164
if "base64" in self.params:
156-
_cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % base64.b64decode("%s===" % self.params["id"], altchars=self.params.get("altchars")).decode())
165+
decoded_id = base64.b64decode("%s===" % self.params["id"], altchars=self.params.get("altchars")).decode()
166+
debug_print("Decoded base64 ID: %s" % decoded_id)
167+
_cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % decoded_id)
157168
else:
169+
debug_print("Executing query with ID: %s" % self.params["id"])
158170
_cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params["id"])
159171
results = _cursor.fetchall()
172+
debug_print("Query results: %s" % results)
160173

161174
output += "<b>SQL results:</b><br>\n"
162175

@@ -180,7 +193,9 @@ def do_REQUEST(self):
180193
output += "</body></html>"
181194
except Exception as ex:
182195
code = INTERNAL_SERVER_ERROR
183-
output = "%s: %s" % (re.search(r"'([^']+)'", str(type(ex))).group(1), ex)
196+
error_msg = "%s: %s" % (re.search(r"'([^']+)'", str(type(ex))).group(1), ex)
197+
debug_print("Error occurred: %s" % error_msg)
198+
output = error_msg
184199

185200
self.send_response(code)
186201

@@ -213,7 +228,9 @@ def do_POST(self):
213228
data = self.rfile.read(length)
214229
data = unquote_plus(data.decode(UNICODE_ENCODING, "ignore"))
215230
self.data = data
231+
debug_print("Received POST data: %s" % data)
216232
elif self.headers.get("Transfer-encoding") == "chunked":
233+
debug_print("Processing chunked transfer encoding")
217234
data, line = b"", b""
218235
count = 0
219236

@@ -243,13 +260,16 @@ def run(address=LISTEN_ADDRESS, port=LISTEN_PORT):
243260
try:
244261
_alive = True
245262
_server = ThreadingServer((address, port), ReqHandler)
263+
debug_print("Initializing server at 'http://%s:%d'" % (address, port))
246264
print("[i] running HTTP server at 'http://%s:%d'" % (address, port))
247265
_server.serve_forever()
248266
except KeyboardInterrupt:
267+
debug_print("Received keyboard interrupt")
249268
_server.socket.close()
250269
raise
251270
finally:
252271
_alive = False
272+
debug_print("Server stopped")
253273

254274
if __name__ == "__main__":
255275
try:

0 commit comments

Comments
 (0)