Merge pull request #137 from timmyteo/feature/CWE-209
Feature/CWE 209
Showing 10 changed files with 178 additions and 8 deletions.
Binary file not shown.
@@ -0,0 +1,67 @@ | ||
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> | ||
<%@ page import="inc.insecure.*" %> | ||
<%@ page import="insecure.inc.Constants" %> | ||
<% | ||
String alertVisibility="hidden"; | ||
String usr = request.getParameter("usr"); | ||
String pwd = request.getParameter("pwd"); | ||
if(usr!=null && pwd!=null){ | ||
alertVisibility=""; | ||
if(usr.equals("demo") && pwd.equals("demo1234")){ | ||
request.getSession().setAttribute("cwe209loggedin", true); | ||
response.sendRedirect("cwe209loggedin.jsp"); | ||
} | ||
//see if the database user account is tried | ||
if(usr.equals("svc.database.insecure.inc") && pwd.equals("OWASP_R0ckZ!")){ | ||
session.setAttribute(Constants.CHALLENGE_ID,"cwe209"); | ||
response.sendRedirect(Constants.SECRET_PAGE); | ||
} | ||
} | ||
%> | ||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> | ||
<html> | ||
<head> | ||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | ||
<title>Generation of Error Message Containing Sensitive Information</title> | ||
<link rel="stylesheet" href="public/bootstrap/css/bootstrap.min.css"> | ||
<script src="public/jquery.min.js"></script> | ||
<script src="public/bootstrap/js/bootstrap.min.js"></script> | ||
|
||
</head> | ||
<body> | ||
<nav class="navbar navbar-inverse"> | ||
<div class="container-fluid"> | ||
<div class="navbar-header"> | ||
<a class="navbar-brand" href="index.jsp">Insecure Inc.</a> | ||
</div> | ||
<ul class="nav navbar-nav"> | ||
<li class="active"><a href="#">CWE209 - Generation of Error Message Containing Sensitive Information</a></li> | ||
</ul> | ||
</div> | ||
</nav> | ||
<div class="container"> | ||
<p>Welcome to CWE209 - Generation of Error Message Containing Sensitive Information! You can use the following guest account credentials to login, | ||
user: <code>demo</code>, password: <code>demo1234</code> </p> | ||
<form action="cwe209.jsp" autocomplete="off" method="POST"> | ||
<div class="form-group"> | ||
<label for="usr">Name:</label> | ||
<input type="text" class="form-control" id="usr" name="usr"> | ||
</div> | ||
<!-- disables autocomplete --><input type="text" style="display:none"> | ||
<div class="form-group"> | ||
<label for="pwd">Password:</label> | ||
<input type="password" class="form-control" id="pwd" name="pwd"> | ||
</div> | ||
<input type="submit" id="submit" class="btn" value="Submit"> | ||
<br><br> | ||
<div class="alert alert-danger <%=alertVisibility%>"> | ||
Invalid credentials! | ||
</div> | ||
</form> | ||
</div> | ||
</body> | ||
</html> |
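Review bot: neither `response.sendRedirect(...)` call (the `demo` branch and the `svc.database.insecure.inc` branch) is followed by a `return;`, so the JSP keeps executing after the redirect: the second `if` is still evaluated and the entire HTML body below `%>` is written into a response that has already been committed, which the container either discards or rejects (behaviour is container-dependent). Add `return;` after each `sendRedirect` inside its `if` block. Minor: the first branch uses `request.getSession()` while the second uses the implicit `session` object; pick one. The hard-coded `usr.equals(...) && pwd.equals(...)` check is acceptable only because this is a deliberately vulnerable training page and should carry a comment saying so.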
@@ -0,0 +1,69 @@ | ||
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> | ||
<%@ page import="inc.insecure.*" %> | ||
<% | ||
if(session.getAttribute("cwe209loggedin")==null || !(boolean)session.getAttribute("cwe209loggedin") || request.getParameter("logout")!=null){ | ||
session.setAttribute("cwe209loggedin",false); | ||
response.sendRedirect("cwe209.jsp?loggedin=false"); | ||
} | ||
else{ | ||
String alertVisibility="hidden"; | ||
String query = request.getParameter("query"); | ||
if(query!=null){ | ||
if(query.contains("'") || query.contains("<") || query.contains(">") || query.contains("#") || query.contains("-") || query.contains("=")){ | ||
try{ | ||
throw new RuntimeException("Error: unexpected character in query '" + query + "' using connection jdbc:mysql://localhost:3306/insecureinc?user=svc.database.insecure.inc&password=OWASP_R0ckZ!"); | ||
} | ||
catch (Exception e){ | ||
e.printStackTrace(response.getWriter()); | ||
} | ||
} | ||
else{ | ||
alertVisibility=""; | ||
} | ||
} | ||
%> | ||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> | ||
<html> | ||
<head> | ||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | ||
<title>Guest</title> | ||
<link rel="stylesheet" href="public/bootstrap/css/bootstrap.min.css"> | ||
<script src="public/jquery.min.js"></script> | ||
<script src="public/bootstrap/js/bootstrap.min.js"></script> | ||
|
||
</head> | ||
<body> | ||
<nav class="navbar navbar-inverse"> | ||
<div class="container-fluid"> | ||
<div class="navbar-header"> | ||
<a class="navbar-brand" href="index.jsp">Insecure Inc.</a> | ||
</div> | ||
<ul class="nav navbar-nav"> | ||
<li class="active"><a href="#">Guest</a></li> | ||
</ul> | ||
<ul class="nav navbar-nav navbar-right"> | ||
<li><a href="cwe209loggedin.jsp?logout=true"><span class="glyphicon glyphicon-log-out"></span> Logout</a></li> | ||
</ul> | ||
</div> | ||
</nav> | ||
<div class="container"> | ||
<h1>Welcome to the guest section of the site.</h1> | ||
<p>Please enter your search term to return results from the Insecure Inc. archive.</p> | ||
<form action="cwe209loggedin.jsp" autocomplete="off" method="POST"> | ||
<div class="form-group"> | ||
<label for="search">Search:</label> | ||
<input type="text" class="form-control" id="search" name="query"> | ||
</div> | ||
<input type="submit" id="submit" class="btn" value="Submit"> | ||
<br><br> | ||
<div class="alert alert-danger <%=alertVisibility%>"> | ||
No results found for '<%=query%>'! | ||
</div> | ||
</form> | ||
</div> | ||
</body> | ||
</html> | ||
<% | ||
} | ||
%> |
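Review bot: the `svc.database.insecure.inc` / `OWASP_R0ckZ!` pair is now a string literal in two files (the connection string in the `RuntimeException` message here and the login check in cwe209.jsp), so changing the challenge password in one place silently breaks the other; move both to a single constant in `Constants` and build the message from it. The leak itself (`e.printStackTrace(response.getWriter())` dumping the trace, including the connection string, as raw text above the DOCTYPE) is the intended CWE-209 flaw, but mark it with a comment so a later cleanup does not remove the challenge. Two smaller points: `<%=query%>` in the alert is rendered unencoded, and while the character blocklist rejects `<` and `>` so no tag can be injected in this text context, the blocklist approach is fragile (`"` is allowed, for example); and when `query` is null the hidden alert renders the literal text `null`, so either guard the expression or initialise `query` to an empty string.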
@@ -0,0 +1,13 @@ | ||
<p> | ||
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'Generation of Error Message Containing Sensitive Information'. | ||
<br><br> | ||
|
||
<blockquote> | ||
<p> | ||
<i>The product generates an error message that includes sensitive information about its environment, users, or associated data.</i> | ||
</p> | ||
<footer>From MITRE <a target="_blank" rel="noopener noreferrer" href="https://cwe.mitre.org/data/definitions/209.html">CWE 209</a></footer> | ||
</blockquote> | ||
<p> | ||
The developer of this part of the site has not implemented secure error handling. As a result, sensitive information about how the application is built can leak and be exploited. | ||
</p> |
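Review bot: "MITRE Top 25 programming flaw" does not say which edition of the CWE Top 25 is meant; the list is re-derived periodically and entries rotate, so either cite the edition or drop the Top 25 claim and rely on the CWE-209 citation already in the footer. Style: the `<br><br>` after the first sentence is standing in for paragraph structure; close that `<p>` and open a new one for the blockquote, matching how the final paragraph is written.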
### Solution for "Generation of Error Message Containing Sensitive Information" challenge | ||
|
||
Error messages can contain detailed information about how the application operates, as well as sensitive information about its environment, users, or associated data. | ||
Instead of allowing detailed error messages to be returned to the user, generic error messages with an error ID or code should be returned instead. | ||
The details of the error can be saved to the application logs, accessible only to the application owners. | ||
|
||
|
||
To pass this challenge: | ||
|
||
- Become familiar with the Insecure Inc. archive search after logging in with the guest account. | ||
- Invoke an error in the archive search by entering characters that might be problematic. | ||
- Review error details for credentials that can be used for authentication. |
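Review bot: the steps stop at "review error details for credentials" and never say where those credentials are used; the reader has to guess that the recovered database account is entered on the same CWE209 login form as the guest account. Add a final step stating that. The remediation paragraph (generic message plus an error ID, details to server-side logs) is sound; it could also point at the concrete fix for this challenge, namely replacing `e.printStackTrace(response.getWriter())` with a logged error and a generic message. Minor: "Invoke an error" reads better as "Trigger an error", and the double blank line before "To pass this challenge:" can be collapsed to one.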