Improving the Security of a Python CGI Script that

Published 2019-09-17 15:26

Question:

Below is the code to a CGI script for the creation of user accounts. The script will check if a username for a new account is taken and will, if the username is not taken, create a file with information (i.e. username and password) about a new user. Previously, a question was asked about giving CGI scripts created by this file certain privileges (link: Running a Python CGI Script with Sudo Privileges on the Apache Server). Feedback was given about potential security problems with this script. For instance, it was suggested that if a path was entered into the form for creating a username, problems could be started. The server was set up to forbid access to certain directories where problems could arise. Are there any other potential security risks, and what are some potential fixes?

Thanks for any answers!

#!/usr/bin/python
import cgi, os
import cgitb
cgitb.enable()                                  # Show tracebacks in the browser

# Retrieve form fields
form   = cgi.FieldStorage()                     # Get POST data
fname  = form.getfirst("fname")                 # Pull fname field data
passw  = form.getfirst("passw")                 # Pull passw field data

# Begin HTML generation
print "Content-Type: text/html; charset=UTF-8"  # Print headers
print ""

try:
    # Opening the file succeeds only if this username already has a script
    with open('Users/%s.py' %(fname)):
        print '''
        <!DOCTYPE html>
        <html>
        <head>
        <link media="screen" type="text/css" rel="stylesheet" href="/style.css">
        <meta charset="UTF-8">
        <META http-equiv="refresh" content="3;URL=/cgi-bin/createAccount/createAccount.html">
        <meta name="keywords" content="chat, chat.ngrok.com">
        <title>Please Wait</title>
        </head>
        <body bgcolor="black">
        <div id="navbar">
        <ul>
        <li><a href="/">Home</a></li>
        <li><a href="#">About</a></li>
        <li><a href="/">Create Account</a></li>
        <li><a href="/">Login</a></li>
        <li><a href="/">LinkHere</a></li>
        </ul>
        </div>
        <div class="Container">
        <div class="Header"></div>
        <div id="fire">
        <br>
        <h1>Sorry, this username is already taken!</h1>
        </div>
        </div>
        </body>
        </html>
        '''
except IOError:
    # No such file: create the per-user CGI script. The template is written
    # at column 0 so the generated script carries no leading indentation
    # (an indented first statement would be an IndentationError when it runs).
    createU = open('Users/%s.py' %(fname),'w')
    createU.write('''#!/usr/bin/python
print "Content-type: text/html; charset=UTF-8"
print ""
print "<!DOCTYPE html>"
print "<html>"
print "<head>"
print "<link media='screen' type='text/css' rel='stylesheet' href='/style.css'>"
print "<title>Test</title>"
print "</head>"
print "<body bgcolor='black'>"
print "<div id='navbar'>"
print "<ul>"
print "<li><a href='/'>Home</a></li>"
print "<li><a href='/'>About</a></li>"
print "<li><a href='/'>Create Account</a></li>"
print "<li><a href='/'>Login</a></li>"
print "<li><a href='/'>LinkHere</a></li>"
print "</ul>"
print "</div>"
print "<div class='Container'>"
print "<div class='Header'></div>"
print "</div>"
print "</body>"
print "</html>"
''')
    createU.close()
    os.system('chmod +x Users/%s.py' %(fname))    # Make the new script executable

    # Confirmation page; the hidden form re-posts the password to test.py
    print '''
    <!DOCTYPE html>
    <html>
    <head>
    <link media="screen" type="text/css" rel="stylesheet" href="/style.css">
    <meta charset="UTF-8">
    <meta name="keywords" content="chat, chat.ngrok.com">
    <title>Please Wait</title>
    </head>
    <body bgcolor="black">
    <div id="navbar">
    <ul>
    <li><a href="/">Home</a></li>
    <li><a href="#">About</a></li>
    <li><a href="/">Create Account</a></li>
    <li><a href="/">Login</a></li>
    <li><a href="/">LinkHere</a></li>
    </ul>
    </div>
    <div class="Container">
    <div class="Header"></div>
    <div id="fire">
    <br>
    <h1>Loading... Please Wait!</h1>
    </div>
    </div>
    <form action="./test.py" name="FNAME" method="post">
    '''
    print '<input type="hidden" name="passw" value="%s" />' %(passw)
    print '''
    </form>
    <SCRIPT TYPE="text/JavaScript">document.forms["FNAME"].submit();</SCRIPT>
    </body>
    </html>
    '''
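The script above lets `fname` flow straight into a file path and into a shell command (`os.system('chmod +x ...')`), stores the password in clear text, echoes it unescaped into the response, and makes every new user's record an executable CGI script. The following is an added example, not the poster's code and not an answer from the original page: a Python 3 rewrite of the account-creation core that addresses each of those points with a username whitelist, a directory-containment check, PBKDF2 password hashing, atomic `O_CREAT|O_EXCL` file creation (so the "is it taken?" check cannot race), no shell call, no executable output, and HTML escaping of anything reflected back. The layout (JSON records under a `Users` directory), the function names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Hardened account-creation core for a CGI handler (added example, Python 3).

Assumptions, not taken from the original post: user records are JSON files
named <username>.json under one directory, passwords are stored as
PBKDF2-HMAC-SHA256 hashes, and the function names are illustrative.
"""
import hashlib
import hmac
import html
import json
import os
import re

# Whitelist: only plain identifiers may become file names. This rejects path
# separators, "..", shell metacharacters, and empty or oversized names.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")
PBKDF2_ITERATIONS = 200_000   # illustrative work factor


def validate_username(name):
    """Return the name unchanged if it is safe to use as a file stem."""
    if not isinstance(name, str) or not USERNAME_RE.match(name):
        raise ValueError("invalid username")
    return name


def user_record_path(users_dir, name):
    """Build the record path and confirm it resolves inside users_dir."""
    base = os.path.realpath(users_dir)
    path = os.path.realpath(os.path.join(base, validate_username(name) + ".json"))
    if os.path.dirname(path) != base:
        raise ValueError("path escapes the users directory")
    return path


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random per-user salt; returns a storable string."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(stored, candidate):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def create_user(users_dir, name, password):
    """Create the record atomically. Returns True if created, False if taken.

    O_CREAT|O_EXCL makes the existence check and the creation a single step,
    so two concurrent requests cannot both claim the name. Mode 0o600 keeps
    the file readable only by the CGI user, and nothing is made executable.
    """
    path = user_record_path(users_dir, name)
    record = {"username": name, "password": hash_password(password)}
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    with os.fdopen(fd, "w") as fh:
        json.dump(record, fh)
    return True


def load_user(users_dir, name):
    """Read a stored record; the path goes through the same containment check."""
    with open(user_record_path(users_dir, name)) as fh:
        return json.load(fh)


def render_page(message):
    """Minimal response body; html.escape keeps form data from becoming markup."""
    return ('<!DOCTYPE html><html><head><meta charset="UTF-8">'
            '<title>Create Account</title></head><body><h1>%s</h1></body></html>'
            % html.escape(message, quote=True))


def handle_request(users_dir, fname, passw):
    """The CGI entry point's logic, with I/O factored out so it can be tested."""
    try:
        name = validate_username(fname or "")
    except ValueError:
        return render_page("Username may only contain letters, digits and underscores.")
    if not passw:
        return render_page("Password is required.")
    if create_user(users_dir, name, passw):
        return render_page("Account created for %s." % name)
    return render_page("Sorry, this username is already taken!")


if __name__ == "__main__":
    import sys
    from urllib.parse import parse_qs
    # Reads an application/x-www-form-urlencoded POST body directly rather than
    # via the cgi module (deprecated since Python 3.11). cgitb is deliberately
    # not enabled: tracebacks belong in the server log, not in the response.
    body = sys.stdin.read(int(os.environ.get("CONTENT_LENGTH") or 0))
    fields = parse_qs(body)
    print("Content-Type: text/html; charset=UTF-8\r\n")
    print(handle_request("Users", fields.get("fname", [None])[0],
                         fields.get("passw", [None])[0]))
```

The password is never written back into the page or re-posted through a hidden field; a login handler would call `load_user` and `verify_password` instead. If per-user scripts are genuinely needed, generate them from a fixed template as non-executable data files and let one trusted CGI script read them, rather than marking user-derived files executable.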