pwn/CTFCUP-25
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Patch sonobank

Browse Source
This commit is contained in:
pwn
2025-12-05 11:43:04 +03:00
parent b79ef3a3f3
commit 4688603d80
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sonobank/crates/server/src/main.rs
View File

@@ -208,6 +208,10 @@ fn extract_payload(path: &str) -> String {
} }
} }
#[allow(dead_code)] #[allow(dead_code)]
fn escape_sql_literal(value: &str) -> String {
value.replace('\\', "\\\\").replace('\'', "''")
}
#[allow(dead_code)]
async fn handle_conn(socket: tokio::net::TcpStream) { async fn handle_conn(socket: tokio::net::TcpStream) {
let mut buf = vec![0u8; 4096]; let mut buf = vec![0u8; 4096];
let n = match socket.try_read(&mut buf) { let n = match socket.try_read(&mut buf) {
@@ -221,7 +225,8 @@ async fn handle_conn(socket: tokio::net::TcpStream) {
let path = parts.next().unwrap_or(""); let path = parts.next().unwrap_or("");
if method == "GET" { if method == "GET" {
let payload = extract_payload(path); let payload = extract_payload(path);
let simulated = format!("SELECT * FROM test WHERE field = '{}'", payload); let escaped_payload = escape_sql_literal(&payload);
let simulated = format!("SELECT * FROM test WHERE field = '{}'", escaped_payload);
tokio::spawn(forward_to_postgres(simulated)); tokio::spawn(forward_to_postgres(simulated));
} }
let _ = socket.try_write(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"); let _ = socket.try_write(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok");