Commit 4db1d7b

BrokenAuth - dockerized
1 parent 8ba802d commit 4db1d7b


4 files changed

+52
-15
lines changed

4 files changed

+52
-15
lines changed
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
FROM golang:latest
2+
3+
#Install and update system dependencies
4+
RUN apt update -y; apt install -y supervisor
5+
6+
#Prepare and setup the working directory
7+
RUN mkdir -p /app
8+
WORKDIR /app
9+
COPY vsnippet .
10+
COPY config/supervisord.conf /etc/supervisord.conf
11+
12+
EXPOSE 1337
13+
14+
ENTRYPOINT [ "/usr/bin/supervisord", "-c", "/etc/supervisord.conf" ]
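Review bot: `FROM golang:latest` leaves the base image unpinned, so each rebuild of this lab can pull a different toolchain and OS layer; pin a specific tag or digest, e.g. `FROM golang:<version>@sha256:<digest>` (placeholders, not real values). In the `RUN` line the two commands are joined with `;`, so a failed package-index update does not fail the build; `RUN apt-get update && apt-get install -y --no-install-recommends supervisor && rm -rf /var/lib/apt/lists/*` does, and keeps the layer smaller. No `USER` instruction appears in the file, so everything started by the entrypoint runs as root.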
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
[supervisord]
2+
user=root
3+
nodaemon=true
4+
logfile=/dev/null
5+
logfile_maxbytes=0
6+
pidfile=/run/supervisord.pid
7+
8+
[program:golang-http]
9+
command=go run /app/5-broken-auth-spoof.go
10+
stdout_logfile=/dev/stdout
11+
stdout_logfile_maxbytes=0
12+
stderr_logfile=/dev/stderr
13+
stderr_logfile_maxbytes=0
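Review bot: `[program:golang-http]` sets no `user=`, so with `user=root` under `[supervisord]` the deliberately vulnerable HTTP service runs as root inside the container. Add `user=<unprivileged-user>` (placeholder; the account has to exist in the image) to the program section, so that a compromise of the lab app does not begin with root in the container. `command=go run /app/5-broken-auth-spoof.go` also recompiles at every start and needs a writable Go build cache for whichever user runs it; building the binary in the Dockerfile and pointing `command=` at it would avoid that.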
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
version: '3.8'
2+
services:
3+
golang-http:
4+
container_name: vsnippet-broken-auth-spoof-5
5+
build:
6+
context: .
7+
dockerfile: Dockerfile
8+
ports:
9+
- 1337:1337
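Review bot: `- 1337:1337` publishes the port on every host interface, which exposes this intentionally vulnerable service to whatever network the host is attached to. Bind it to loopback instead, `- "127.0.0.1:1337:1337"`, so the lab is reachable only from the machine running it. Quoting the mapping also avoids YAML reading a `number:number` value as something other than a string.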

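--- a/BrokenAuth/1/5-BrokenAuth.go
+++ b/BrokenAuth/broken-auth-spoof/vsnippet/5-broken-auth-spoof.go
@@ -4,26 +4,27 @@ package main
 * YesWeHack - Vulnerable code snippets
 */
 
-/** Run the code snippet
-* COMMAND: go run 5-BrokenAuth.go
-*/
 import (
 "fmt"
-"log"
 "net/http"
 "strings"
 )
 
+type Headers struct {
+ClientIP string
+Role *http.Cookie
+}
+
 func main() {
-typeHeadersstruct {
-ClientIPstring
-Role*http.Cookie
-}
+http.HandleFunc("/",
+func(w http.ResponseWriter, r*http.Request) {
+fmt.Fprintln(w, "To access as admin you need to have a role as \"admin\" and be on the localhost system.")
+})
 
 http.HandleFunc("/admin",
 func(w http.ResponseWriter, r *http.Request) {
 
-//Client checks:
+//Client checks:
 h := &Headers{}
 h.Role, _ = r.Cookie("role")
 h.ClientIP = r.Header.Get("X-Forwarded-For")
@@ -34,13 +35,13 @@ func main() {
 if strings.ToLower(h.Role.Value) == "admin" {
 for _, host := range []string{"127.0.0.1", "localhost"} {
 if host == strings.Split(h.ClientIP, ":")[0] {
-
 fmt.Fprintln(w, html_AdminDashboard())
 }
 }
 }
 })
-run() //Start server
+//Start web server
+run()
 }
 
 func html() string {
@@ -54,8 +55,8 @@ func html_AdminDashboard() string {
 }
 
 func run() {
-fmt.Printf("Starting server at port http://127.0.0.1:5000\n")
-iferr:= http.ListenAndServe(":5000", nil); err!=nil {
-log.Fatal(err)
-}
+port :=1337
+addr:= fmt.Sprintf("0.0.0.0:%d", port)
+fmt.Printf("Server listening on : http://%s\n", addr)
+http.ListenAndServe(addr, nil)
 }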
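Review bot: The rewritten `run()` discards the error returned by `http.ListenAndServe(addr, nil)`, and the same commit removes the `"log"` import that the old `log.Fatal(err)` used. If the bind on port 1337 fails, `main` simply returns and the process exits with status 0 and no message, which a supervisor is likely to read as a clean exit rather than a failure. Keep the check, `if err := http.ListenAndServe(addr, nil); err != nil { log.Fatal(err) }`, and leave `"log"` in the import block.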
