diff --git a/owasp-top10-2017-apps/a5/ecommerce-api/docs/ATTACK.md b/owasp-top10-2017-apps/a5/ecommerce-api/docs/ATTACK.md index 4786f4174..cb22460c2 100644 --- a/owasp-top10-2017-apps/a5/ecommerce-api/docs/ATTACK.md +++ b/owasp-top10-2017-apps/a5/ecommerce-api/docs/ATTACK.md @@ -9,33 +9,32 @@ If you don't know [secDevLabs] or this [intended vulnerable web application][2] In order to better understand how this API works, two users, `user1` and `user2`, were created as shown below: ```sh -$ curl -s H "Content-Type: application/json" -d '{"username":"user1","password":"pass"}' http://localhost:8888/register +$ curl -s -H "Content-Type: application/json" -d '{"username":"user1","password":"pass"}' http://localhost:8888/register ``` ```sh -$ curl -s H "Content-Type: application/json" -d '{"username":"user2","password":"pass"}' http://localhost:8888/register +$ curl -s -H "Content-Type: application/json" -d '{"username":"user2","password":"pass"}' http://localhost:8888/register ```
-The users created above are registered on MongoDB, as we can see from the image below: +The users created above are registered on MongoDB and we can get their `userID` through the curl command: -
- -
- - -NOTE: We could also get an user's `userID` through the command below, which sends a POST request to the `login` route: ```sh -$ curl -d '{"username":"user1","password":"pass"}' http://localhost:8888/login +$ curl -s -H "Content-Type: application/json" -d '{"username":"user1","password":"pass"}' http://localhost:8888/login ``` ```sh -$ curl -d '{"username":"user2","password":"pass"}' http://localhost:8888/login +$ curl -s -H "Content-Type: application/json" -d '{"username":"user2","password":"pass"}' http://localhost:8888/login ``` + ++ +
+ ## 🔥 -Now, having the user's `userID`, we can verify that the route `GET /ticket/:userID` does not validade if the request was made by the user with the corresponding `userID` or someone else, as shown by the image: +Having both `userID`, we can verify that the route "`GET /ticket/:userID`" does not validade if the request was made by the same user or someone else without the proper permission, as shown by the image:diff --git a/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack1.png b/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack1.png index 421c91908..2ca94a9f0 100644 Binary files a/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack1.png and b/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack1.png differ diff --git a/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack2.png b/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack2.png index d4bd7e60b..7da5807f2 100644 Binary files a/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack2.png and b/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack2.png differ diff --git a/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack3.png b/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack3.png index 074954973..f3a7733c1 100644 Binary files a/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack3.png and b/owasp-top10-2017-apps/a5/ecommerce-api/docs/attack3.png differ
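Review bot: the misspelling "validade" carries over unchanged into the rewritten sentence at the end of this hunk ("does not validade if the request was made by the same user"); it should read "validate", and "Having both `userID`" is clearer as "Having both users' `userID`". Otherwise the change is an improvement: the four `curl` commands now consistently pass `-s -H "Content-Type: application/json"`, which fixes the earlier `H` missing its leading `-`, and the note that the `login` response is where the `userID` comes from is now stated directly in the text rather than relying on a screenshot of MongoDB.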