web for pentesters 2 mass assignment

For this post I’ll be going through the mass assignment examples in web for pentesters 2. Mass assignments takes advantage of how some programming frameworks allow a programmers to bind HTTP request parameters to variables. The attacker abuses this by sending request parameters to the system in hope of overwriting existing code parameters. OWASP have a great write on how it works for different languages and how to protect against it.

This walk through will show you have to exploit this flaw using a web proxy. These examples takes advantage of the mass assignment flaw found in ruby.

Example 1:

So first off load up the example page then the proxy of your choice, make sure its setup to intercept the traffic.

Then sign up as a regular user.

Once the request has been sent, go to your proxy app.

In the GET request add the parameter &user[admin]=1 after the parameters. 

Example 2:

Same as above, I think i may have done the first example a little wrong :S

 

Example 3:

This example follows the same steps as before, except instead of user[admin]=1 to get admin, you add user[company_id]=2 to gain access to company 2’s secret data.

That will be it for now, hopefully by next week I’ll have either the captcha examples done or the randomness issues example done.

 

Author: moxley91

Gate keeper of alexsemaan.xyz

2 thoughts on “web for pentesters 2 mass assignment”

  1. Ꮤow that was odd. I just wrote an еxtremely long cοmment but after I clicked
    submit my commеnt didn’t appear. Grrrr…
    weⅼl I’m not writіng alⅼ that over again.
    Regardless, just wanted to say wonderfuⅼ blog!

    1. I think I must have deleted it by accident with some of the other spam comments XD, but thank you for commenting, I hope it was useful.

Leave a Reply

Your email address will not be published. Required fields are marked *