ctf-website/src, branch master

ctf-website/src, branch master The website for a Capture The Flag competition. https://git.amat.us/ctf-website/atom/src?h=master 2012-04-06T20:39:30Z Updated flags list. 2012-04-06T20:39:30Z David Barksdale amatus.amongus@gmail.com 2012-04-06T20:39:30Z urn:sha1:6632d4b8993b4676357a6ac6797788bae7d5d981 Be a bit more polite with failed logins. 2012-04-06T20:39:03Z David Barksdale amatus.amongus@gmail.com 2012-04-06T20:39:03Z urn:sha1:4f3ae689ab81ac6daad115db7a0fdf32a0a6c984 Added two new flags to home page with some reformatting. 2012-04-06T05:58:48Z David Barksdale amatus.amongus@gmail.com 2012-04-06T05:58:48Z urn:sha1:a832dce3558c0c104ad0722110589f7b0ec4ff9c Added list of challenges. 2012-04-06T03:28:42Z David Barksdale amatus.amongus@gmail.com 2012-04-06T03:28:42Z urn:sha1:7e0e286e9b1441240c89a032f8687c6a4eeefa84 Throttle account creation. 2012-04-06T03:11:59Z David Barksdale amatus.amongus@gmail.com 2012-04-06T03:11:59Z urn:sha1:5e66967a341052649226051731c5fb84b9592555 Created flag and scoreboard database. 2012-04-05T05:22:13Z David Barksdale amatus.amongus@gmail.com 2012-04-05T05:22:13Z urn:sha1:805348adff5ad6ee0efa42e24dbd84aed4249225 Avoid html injection. 2012-04-05T03:19:02Z David Barksdale amatus.amongus@gmail.com 2012-04-05T03:19:02Z urn:sha1:8c193293c6f42e8dd1522c8d5cd26febc8a20f02 This is probably unnecessary because valid unix usernames don't have any bad characters in them. Added flag form and login sessions. 2012-04-05T02:59:12Z David Barksdale amatus.amongus@gmail.com 2012-04-05T02:59:12Z urn:sha1:abbb4cf8b090bb95087f52dcc42927d13f792e36 Improved new account security. 2012-04-05T02:30:58Z David Barksdale amatus.amongus@gmail.com 2012-04-05T02:29:02Z urn:sha1:58d95efffff28e28d4f8db885b7abe7613728740 Since chpasswd takes multiple username:password lines it was possible to change the password of any account: curl -data "username=attacker&password=%0aroot:omghax" -k https://ctf/new Moved login form. 2012-04-05T02:28:39Z David Barksdale amatus.amongus@gmail.com 2012-04-05T02:28:39Z urn:sha1:d2c5278e5995c05949a2bcf431b9b0793b4f0522