Start new challenge

oh_my_api/Dockerfile

@@ -0,0 +1,4 @@
+FROM php:8.3-apache
+COPY src/ /var/www/html/
+
+ENV FLAG=CHANGEME

oh_my_api/README.md

@@ -0,0 +1,8 @@
+# Unsafe gallery challenge
+You need to set the `FLAG` environment variable for this challenge to work!
+
+
+## Run the image
+```bash
+docker run --rm --name unsafe_gallery --env FLAG='FLAG{BROKEN_ACL}' -p 3568:80 -it pierre42100/gns3-appliance-oh-my-api
+```

oh_my_api/build.sh

@@ -0,0 +1 @@
+sudo docker build -t pierre42100/gns3-appliance-oh-my-api .

oh_my_api/src/.htaccess

@@ -0,0 +1 @@
+Options -Indexes

oh_my_api/src/api.php

@@ -0,0 +1,58 @@
+<?php
+
+$path = isset($_SERVER["PATH_INFO"]) ? $_SERVER["PATH_INFO"] : "/";
+
+// First, connect to database
+try
+{
+  $db = new PDO('sqlite:'.__DIR__.'/database.db');
+}
+catch (PDOException $e)
+{
+  echo 'Connection to database failed: ' . $e->getMessage();
+}
+
+// Check for supplied authentication
+if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
+{
+  $user = $_SERVER['PHP_AUTH_USER'];
+  $pass = $_SERVER['PHP_AUTH_PW'];
+
+  $password_hash = hash("sha512", $pass);
+
+  $query = "SELECT * FROM users WHERE user = ? AND password = ?";
+  $stmt = $db->prepare($query);
+  $stmt->execute(array($user, $password_hash));
+
+  $res = $stmt->fetchAll();
+
+  if(count($res) === 0)
+  {
+    http_response_code(401);
+    echo "The specified credentials are invalid!";
+    exit(0);
+  }
+  
+  $user = $res[0];
+}
+
+header("content-type: application/json");
+
+// Home page
+if ($path === "/") {
+  echo "{\"msg\": \"Oh my API\"}";
+  exit(0);
+}
+
+// Get user information
+else if($path === "/user")
+{
+  ?>{"user": "<?=$user["user"]?>", "admin": <?=$user["is_admin"]?"true":"false"?>}<?php
+  exit(0);
+}
+
+// 404 not found
+else {
+  http_response_code(404);
+  echo "\"404 Not Found\"";
+}

oh_my_api/src/index.css

@@ -0,0 +1,16 @@
+html {
+    box-sizing: border-box;
+    overflow: -moz-scrollbars-vertical;
+    overflow-y: scroll;
+}
+
+*,
+*:before,
+*:after {
+    box-sizing: inherit;
+}
+
+body {
+    margin: 0;
+    background: #fafafa;
+}

oh_my_api/src/index.html

@@ -0,0 +1,21 @@
+<!-- HTML for static distribution bundle build -->
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>Swagger UI</title>
+    <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-PFFSBW3');</script>
+    <link rel="stylesheet" type="text/css" href="./swagger-ui.css" />
+    <link rel="stylesheet" type="text/css" href="index.css" />
+    <link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" />
+    <link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />
+  </head>
+
+  <body>
+    <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-PFFSBW3" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
+    <div id="swagger-ui"></div>
+    <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>
+    <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
+    <script src="./swagger-initializer.js" charset="UTF-8"> </script>
+  </body>
+</html>

oh_my_api/src/swagger-initializer.js

@@ -0,0 +1,28 @@
+window.onload = function() {
+    const defaultDefinitionUrl = "/swagger.yaml";
+    const ossServices = `petstore3.swagger.io=https://petstore3.swagger.io/api/v3/openapi.json,petstore31.swagger.io=https://petstore31.swagger.io/api/v31/openapi.json,petstore.swagger.io=https://petstore.swagger.io/v2/swagger.json,generator.swagger.io=https://generator.swagger.io/api/swagger.json,generator3.swagger.io=https://generator3.swagger.io/openapi.json,validator.swagger.io=https://validator.swagger.io/validator/openapi.json,oai.swagger.io=https://oai.swagger.io/api/openapi.json,converter.swagger.io=https://converter.swagger.io/api/openapi.json`;
+    const ossServicesTuples = ossServices.split(',').map(ossService => ossService.split('='))
+    const ossServiceMatch = ossServicesTuples.find(([host]) => window.location.host.includes(host))
+    const definitionURL = ossServiceMatch ? ossServiceMatch[1] : defaultDefinitionUrl;
+
+    
+      //<editor-fold desc="Changeable Configuration Block">
+      window.ui = SwaggerUIBundle({
+        url: definitionURL,
+        "dom_id": "#swagger-ui",
+        deepLinking: true,
+        presets: [
+          SwaggerUIBundle.presets.apis,
+          SwaggerUIStandalonePreset
+        ],
+        plugins: [
+          SwaggerUIBundle.plugins.DownloadUrl
+        ],
+        layout: "StandaloneLayout",
+        queryConfigEnabled: true,
+     //   validatorUrl: "https://validator.swagger.io/validator",
+      })
+      
+      //</editor-fold>
+
+};

oh_my_api/src/swagger.yaml

@@ -0,0 +1,34 @@
+openapi: 3.0.3
+info:
+  title: Oh My API
+  description: |-
+   Welcome to my articles services API
+  version: 1.0.0
+servers:
+  - url: /api.php
+paths:
+  /:
+    get:
+      tags:
+        - default
+      summary: API root
+      description: Get welcome message of API
+      responses:
+        '200':
+          description: Successful operation
+  /user:
+    get:
+      tags:
+        - default
+      summary: User info
+      description: Get information about current user
+      responses:
+        '200':
+          description: Successful operation
+      security:
+      - basicAuth: [] 
+components:
+  securitySchemes:
+    basicAuth:
+      type: http
+      scheme: basic