from bottle import route, run, template, request, redirect, static_file import hashlib from secret import SECRET INDEX = '

Download a sample here!' FILES = '

sample.gif
dont.gif
flag

/') def download(umac): delim = msg = '' for k,v in request.query.allitems(): msg += delim + k + '=' + v delim = '&' if mac(msg) == umac: return static_file(request.query.f, root='./files') else: return redirect('/files/' + mac('f=dont.gif') + '/?f=dont.gif') run(host='0.0.0.0', port=8888, server='paste')