Let’s talk about ArtificialUniversity. Please do not share any flags or writeups.
Okay, we somehow have to trigger this function.
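```python
import time

from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.firefox.options import Options
from selenium.webdriver.firefox.service import Service


def bot_runner(email, password, payment_id):
    # Headless Firefox driven through geckodriver
    firefox_options = Options()
    firefox_binary_path = "/opt/firefox/firefox"
    geckodriver_path = "/usr/local/bin/geckodriver"
    firefox_options.add_argument("--headless")
    firefox_options.binary_location = firefox_binary_path
    firefox_service = Service(geckodriver_path)
    client = webdriver.Firefox(service=firefox_service, options=firefox_options)
    try:
        # Log in with the supplied credentials
        client.get("http://127.0.0.1:1337/login")
        time.sleep(3)
        client.find_element(By.ID, "email").send_keys(email)
        client.find_element(By.ID, "password").send_keys(password)
        client.execute_script("document.getElementById('login-btn').click()")
        time.sleep(3)
        # Open the invoice PDF for this payment in the logged-in session
        client.get(f"http://127.0.0.1:1337/static/invoices/invoice_{payment_id}.pdf")
        time.sleep(10)
    finally:
        # Always shut the browser down, even if a step above fails
        client.quit()
```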
And there’s only one way to trigger it:

```
$ grep -r "bot_runner"
src/store/application/util/bot.py:def bot_runner(email, password, payment_id):
src/store/application/blueprints/routes.py:from application.util.bot import bot_runner
src/store/application/blueprints/routes.py: bot_runner(current_app.config["ADMIN_EMAIL"], current_app.config["ADMIN_PASS"], payment_id)
```
This is really insane.
Check the source code meticulously, you’ll figure it out.
These should help you