added a vuln for broken auth and session mgmt, issue #2

2013-05-21 00:58:11 -04:00
parent b2e2a1b4b0
commit 671095e030
4 changed files with 35 additions and 3 deletions
@@ -7,13 +7,20 @@ class SessionsController < ApplicationController
  end
  def create
      begin
        user = User.authenticate(params[:email], params[:password])
      rescue Exception => e
      end
      if user
        session[:id] = user.id if User.where(:id => user.id).exists?
        redirect_to home_dashboard_index_path
      else
        flash[:error] = e.message
        render "new"
      end
  end
  def destroy
@@ -13,8 +13,14 @@ class User < ActiveRecord::Base
       auth = nil
       user = find_by_email(email)
       # I heard something about hashing, dunno, why bother really. Nobody will get access to my stuff!
-       if user && user.password == password
+       if user
         if user.password == password
           auth = user
         else
          raise "Incorrect Password!"
         end 
       else
          raise "#{email} doesn't exist!"
       end
       return auth
  end
@@ -26,6 +26,7 @@
 <% end %>
 <div class="container-fluid">
 	<div class="dashboard-wrapper">
 		<%= render "layouts/shared/messages" %>
 		<%= yield %>
 	</div>
 </div>	
@@ -0,0 +1,18 @@
 <% flash.each do |name, msg| %>
 	<% if name == :error %> 
 		<div class="alert alert-error">
 			<a class="close" data-dismiss="alert" href="#">×</a>
  				<%= content_tag :div, msg, :id => "flash_notice" %>
 		</div>
 	<% elsif name == :success %>
 		<div class="alert alert-success">
 			<a class="close" data-dismiss="alert" href="#">×</a>
  				<%= content_tag :div, msg, :id => "flash_notice" %>
 		</div>
 	<% elsif name == :info %>
 		<div class="alert alert-info">
 			<a class="close" data-dismiss="alert" href="#">×</a>
 				<%= content_tag :div, msg, :id => "flash_notice" %>
 		</div>
 	<% end %>
 <% end %>