- Based on the code snippet provided, please provide each of the following:
- The identified vulnerability class
- An explanation of the issue within the code (what are the lines of code that lead to the vulnerability and why?)
- An example of sample parameters or arguments that could be used to exploit or demonstrate the existence of the vulnerability.
- In general, what could be done with this vulnerability class to escalate privileges or further exploit the application or other users?
- What should be done to mitigate the vulnerability?
- Read the code snippets below from a Rails application and answer the questions in relation to the user update functionality.
- controllers/users_controller.rb
- # PUT /current_user
- def update
- @user = User.find(current_user.id)
- @user.update_attributes(params[:user])
- respond_to do |format|
- format.html { redirect_to @user, notice: 'User updated.' }
- end
- end
- models/user.rb
- class User < ActiveRecord::Base
- attr_protected :subscription_plan_id
- belongs_to :subscription_plan
- ...
- db/schema.rb
- create_table "users", :force => true do |t|
- t.string "first_name"
- t.string "last_name"
- t.string "email"
- t.string "address_1"
- t.string "address_2"
- t.string "city"
- t.string "state"
- t.integer "zipcode"
- t.integer "subscription_plan_id"
- t.boolean "is_admin_user", :default => false, :null => false
- t.datetime "created_at", :null => false
- t.datetime "updated_at", :null => false
- t.string "encrypted_password", :default => "", :null => false
- end
- Answer:
- ??????????
- Based on the code snippet provided, please provide the following:
- The identified vulnerability class
- An explanation of the issue within the code (what are the lines of code that lead to the vulnerability and why?)
- An example of sample parameters or arguments that could be used to exploit or demonstrate the existence of the vulnerability.
- In general, what could be done with this vulnerability class to escalate privileges or further exploit the application or other users?
- What should be done to mitigate the vulnerability?
- Review the HTML form and the Node.js handler below.
- <html>
- <head>
- <meta charset="utf-8" />
- <title>Please login!</title>
- </head>
- <body>
- <div id="contact">
- <h1>Send an email</h1>
- <form action="http://application.nodejs/authenticate" method="post">
- <fieldset>
- <label for="name">Username:</label>
- <input type="text" id="username" name="username" placeholder="Username" />
- <label for="Password">Password:</label>
- <input type="password" id="password" autocomplete="off" />
- <input type="submit" value="Authenticate" />
- </fieldset>
- </form>
- </div>
- </body>
- </html>
- var express = require('express');
- var app = express();
- app.use(express.bodyParser());
- app.post('/authenticate',function(req, res) {
- authenticate(req.params.username,req.params.password);
- });
- app.listen(80, function() {
- console.log('Server running...');
- });
- Answer:
- ??
- Based on the code snippet provided, please provide each of the following:
- The identified vulnerability class
- An explanation of the issue within the code (what are the lines of code that lead to the vulnerability and why?)
- An example of sample parameters or arguments that could be used to exploit or demonstrate the existence of the vulnerability.
- In general, what could be done with this vulnerability class to escalate privileges or further exploit the application or other users?
- What should be done to mitigate the vulnerability?
- <?php
- if(isset($_GET['save_config']))
- {
- // Content that will be written to the config file
- $content = "<?php\n";
- // Iterate each POST parameter and write the config file
- foreach($_POST as $param_name => $value) {
- $content.= "\$config['db']['".$param_name."'] = '".addslashes($value)."';\n";
- }
- $content.= "?>";
- // Open the WEB_ROOT/includes/config.php for writing
- $handle = fopen('../includes/config.php', 'w');
- // Write the config file
- fwrite($handle, $content);
- // Close the file
- fclose($handle);
- header("Location: settings.php");
- exit;
- }
- ?>
- Answer:
- ??
- Based on the code snippet provided, please provide each of the following:
- The identified vulnerability class
- An explanation of the issue within the code (what are the lines of code that lead to the vulnerability and why?)
- An example of sample parameters or arguments that could be used to exploit or demonstrate the existence of the vulnerability.
- In general, what could be done with this vulnerability class to escalate privileges or further exploit the application or other users?
- What should be done to mitigate the vulnerability?
- If results = 0 Then
- response.write("<p>Could not find: ")
- response.write(request.getParameter("search_str") _
- + "</p>")
- Else
- printResults(results)
- End If
- Answer:
- ??