Addressed issue #117

chapters/web-application-security/exotic-attacks/activities/todo-app/README.md

@@ -1,9 +1,16 @@
-# Name: Web: Exotic Attacks: TODO App
+## Name: 
+# Web: Exotic Attacks: TODO App
 
 ## Vulnerability
 
 PHP Object Injection / PHP Insecure Object Deserialization
 
+## Description
+
+Exploit PHP object deserialization to read the flag from http://141.85.224.101:30015.
+
+Score: 100
+
 ## Exploit
 
 If you click on the `Open source license` bottom link, you will see the license page and, at the end, the source code to help you craft the payload.
@@ -30,4 +37,6 @@ So we have to make a request with the result as cookie:
 
 `Cookie: todos=760463360e4919ca238d1566fc26661fa%3A1%3A%7Bi%3A0%3BO%3A16%3A%22GPLSourceBloater%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A8%3A%22flag.php%22%3B%7D%7D`
 
-Exploit in `../sol/solution.sh`.
+Solution in `../sol/solution.sh`.
+
+

chapters/web-application-security/exotic-attacks/activities/todo-app/deploy/Dockerfile

@@ -1,3 +1,16 @@
+FROM php:7.2-apache as builder
+
+# Copy the flag file and source files
+COPY flag ./flag
+COPY src/ ./src/
+
+# Generate flag.php by substituting __TEMPLATE__ with the flag content
+RUN sed "s|__TEMPLATE__|$(cat ./flag)|g" ./src/flag-template.php > ./src/flag.php
+
 FROM php:7.2-apache
 
+# Copy all source files from host
 COPY src/ /var/www/html/
+
+# Copy the generated flag.php from the builder stage
+COPY --from=builder ./src/flag.php /var/www/html/flag.php

chapters/web-application-security/exotic-attacks/activities/todo-app/deploy/Makefile

@@ -1,20 +1,17 @@
-FILE	:= ../flag
-FLAG	:= $(shell cat $(FILE))
+EXTERNAL_PORT := 8002
+INTERNAL_PORT := 80
+NAME := sss-web-08_todo-app
 
-run: generate build
-	docker run -d -p 8002:80 --name sss-web-08_todo-app sss-web-08_todo-app
+run: build
+	docker run -d -p $(EXTERNAL_PORT):$(INTERNAL_PORT) --name $(NAME) $(NAME)
 
-build: generate
-	docker build -f Dockerfile -t sss-web-08_todo-app ..
-
-generate:
-	sed 's/__TEMPLATE__/$(FLAG)/g' ../src/flag-template.php > ../src/flag.php
+build:
+	docker build -f Dockerfile -t $(NAME) ..
 
 stop:
-	docker stop sss-web-08_todo-app
+	docker stop $(NAME)
 
 clean: stop
-	docker rm sss-web-08_todo-app
-	rm ../src/flag.php
+	docker rm $(NAME)
 
 .PHONY: build run stop clean

chapters/web-application-security/exotic-attacks/activities/todo-app/deploy/values.yaml

@@ -0,0 +1,45 @@
+namespace: exotic-attacks
+
+challenge:
+  name: todo-app
+  category: web-application-security
+
+image:
+  repository: todo-app
+  tag: latest
+  pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+containerPort: 80
+
+service:
+  type: NodePort
+  port: 80
+  nodePort: 30015  # Port for accessing the challenge
+
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 50m
+    memory: 64Mi
+
+# Healthcheck configuration for PHP/Apache application
+# Using "/" (main application endpoint) for liveness/readiness checks is appropriate here because:
+# 1. The application is stateless and has no external dependencies (DB, cache, etc.)
+# 2. If Apache responds successfully to HTTP requests, the application is ready
+# 3. PHP/Apache automatically restarts PHP engine on failures, so HTTP response indicates health
+# Unlike database-backed services, a dedicated /_healthcheck endpoint is not needed.
+healthCheck:
+  enabled: true
+  path: "/"
+  initialDelaySeconds: 5
+  periodSeconds: 15
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}