SHARE
TWEET

Untitled

a guest Mar 20th, 2016 297 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ased on the code snippet provided, please provide each of the following:
  2.  
  3.     The identified vulnerability class
  4.     An explanation of the issue within the code (what are the lines of code that lead to the vulnerability and why?)
  5.     An example of sample parameters or arguments that could be used to exploit or demonstrate the existence of the vulnerability.
  6.     In general, what could be done with this vulnerability class to escalate privileges or further exploit the application or other users?
  7.     What should be done to mitigate the vulnerability?
  8.  
  9. Read the code snippets below from a rails application and answer the questions in relation to the user update functionality. controllers/users_controller.rb,
  10.  
  11. # PUT /current_user
  12.   def update
  13.     @user = User.find(current_user.id)
  14.     @user.update_attributes(params[:user])
  15.     respond_to do |format|
  16.         format.html { redirect_to @user, notice: 'User updated.' }
  17.     end
  18.   end
  19.  
  20. models/user.rb
  21. class User <; ActiveRecord::Base
  22. attr_protected :subscription_plan_id
  23. belongs_to :subscription_plan
  24.  ...
  25.  
  26. db/schema.rb
  27.   create_table "users", :force => true do |t|
  28.     t.string   "first_name"
  29.     t.string   "last_name"
  30.     t.string   "email"
  31.     t.string   "address_1"
  32.     t.string   "address_2"
  33.     t.string   "city"
  34.     t.string   "state"
  35.     t.integer  "zipcode"
  36.     t.integer  "subscription_plan_id"
  37.     t.boolean  "is_admin_user",  :default => false,  :null => false
  38.     t.datetime "created_at",  :null => false
  39.     t.datetime "updated_at",  :null => false
  40.     t.string   "encrypted_password",  :default => "",  :null => false
  41.   end
  42.  
  43.  
  44.  
  45. Answer:
  46. ??????????
  47.  
  48.  
  49.  
  50.  
  51.  
  52.  
  53.  
  54.  
  55. Based on the code snippet provided, please provide the following:
  56.  
  57.     The identified vulnerability class
  58.     An explanation of the issue within the code (what are the lines of code that lead to the vulnerability and why?)
  59.     An example of sample parameters or arguments that could be used to exploit or demonstrate the existence of the vulnerability.
  60.     In general, what could be done with this vulnerability class to escalate privileges or further exploit the application or other users?
  61.     What should be done to mitigate the vulnerability?
  62.  
  63. Review the HTML form below along with the node.js handler below.
  64.  
  65. <html>
  66.  <head>
  67.    <meta charset="utf-8" />
  68.    <title>Please login!</title>
  69.  </head>
  70.  <body>
  71.    <div id="contact">
  72.      <h1>Send an email</h1>
  73.      <form action="http://application.nodejs/authenticate" method="post">
  74.      <fieldset>
  75.        <label for="name">Username:</label>
  76.        <input type="text" id="username" name="username" placeholder="Username" />
  77.        <label for="Password">Password:</label>
  78.        <input type="password" id="password" autocomplete="off" />
  79.        <input type="submit" value="Authenticate" />
  80.      </fieldset>
  81.      </form>
  82.    </div>
  83.  </body>
  84. </html>
  85.  
  86. var express = require('express');
  87. var app     = express();
  88.  
  89. app.use(express.bodyParser());
  90.  
  91. app.post('/authenticate',function(req, res) {
  92.  authenticate(req.params.username,req.params.password);
  93. });
  94.  
  95. app.listen(80, function() {
  96.  console.log('Server running...');
  97. });
  98.  
  99.  
  100.  
  101.  
  102. Answer:
  103. ??
  104.  
  105.  
  106.  
  107.  
  108.  
  109.  
  110.  
  111.  
  112.  
  113. Based on the code snippet provided, please provide each of the following:
  114.  
  115.     The identified vulnerability class
  116.     An explanation of the issue within the code (what are the lines of code that lead to the vulnerability and why?)
  117.     An example of sample parameters or arguments that could be used to exploit or demonstrate the existence of the vulnerability.
  118.     In general, what could be done with this vulnerability class to escalate privileges or further exploit the application or other users?
  119.     What should be done to mitigate the vulnerability?
  120.  
  121. <?php
  122.  
  123. if(isset($_GET['save_config']))
  124. {
  125. // Content that will be written to the config file
  126. $content = "<?php
  127. ";
  128.    // Iterate each POST parameter and write the config file
  129. foreach($_POST as $param_name => $value) {
  130. $content.= "$config['db']['".$param_name."'] = '".addslashes($value)."';
  131. ";
  132. }
  133. $content.= "?>";
  134.  
  135. // Open the WEB_ROOT/includes/config.php for writing
  136. $handle = fopen('../includes/config.php', 'w');
  137. // Write the config file
  138. fwrite($handle, $content);
  139. // Close the file
  140. fclose($handle);
  141.  
  142. header("Location: settings.php");
  143. exit;
  144. }
  145.  
  146. ?>
  147.  
  148.  
  149.  
  150.  
  151. Answer:
  152. ??
  153.  
  154.  
  155.  
  156.  
  157.  
  158.  
  159.  
  160.  
  161.  
  162.  
  163.  
  164.  
  165.  
  166.  
  167.  
  168.  
  169. Based on the code snippet provided, please provide each of the following:
  170.  
  171.     The identified vulnerability class
  172.     An explanation of the issue within the code (what are the lines of code that lead to the vulnerability and why?)
  173.     An example of sample parameters or arguments that could be used to exploit or demonstrate the existence of the vulnerability.
  174.     In general, what could be done with this vulnerability class to escalate privileges or further exploit the application or other users?
  175.     What should be done to mitigate the vulnerability?
  176.  
  177. If results = 0 Then
  178.   response.write("<p>Could not find: ")
  179.   response.write(request.getParameter("search_str") _
  180.   + "</p>")
  181. Else
  182.  printResults(results)
  183. End If
  184.  
  185.  
  186.  
  187. Answer:
  188. ??
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top