Request can be malicious
Mar 10, 2024
Hey, after about a week I'm back, so let's start.
This story begins with my homie sending me a web backend developed with Express.js so I could fix a bug 😒. I fixed it, but you know me 😂: after fixing it I read the whole code, and one thing was interesting to me, the code he wrote for adding users to the DB:
const express = require('express');
const app = express();
app.use(express.json()); // needed so req.body holds the parsed JSON body
const User = require('./models/User'); // Mongoose-style model; the path is assumed

app.post('/users', async (req, res) => {
  try {
    const userData = req.body; // the whole client-supplied body, unfiltered
    const newUser = new User(userData); // every key in the body becomes a field
    await newUser.save();
    res.status(201).json({ message: 'User created successfully', user: newUser });
  } catch (error) {
    console.error(error);
    res.status(500).json({ message: 'Internal Server Error' });
  }
});
OK, so what's wrong with this? Let me explain.
I sent a few requests and found that if I put DB column names and a value for each of them in the request body, they get added to the DB 😲. So if there is a column in the DB called role (which defines the user's role), I can send a request with whatever role I want and it gets stored.
Let me simplify it.
If the request carries the same fields the program inserts, they are stored as-is. Put another way: "developers inject an entire set of user-entered data from a form directly into an object or database". This is what we call mass assignment.
So if I send a request like this:
POST /users HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Content-Type: application/json
Content-Length: 89
Accept: application/json
Custom-Header: Custom-Value

{"username":"example", "email":"example@example.com", "password":"secret","role":"admin"}
Boom, I created an admin user without any permission check 😂. It is what it is. So let's see what this thing (I mean mass assignment) can do to systems.
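To make the bug and its fix concrete, here is an added example (my code, not the code from the original post or from my homie's backend). It puts the "pass the whole body to the model" pattern next to an allow-list version, with the model simulated by plain objects so it runs without Express or Mongoose. The field names (username, email, password, role) are assumed from the request above, and the `USER_DEFAULTS` / `User` model wiring is hypothetical.

```javascript
// Added example, not code from the original post: the vulnerable "pass the
// whole body to the model" pattern next to an allow-list fix. Nothing here
// needs Express or Mongoose; the model is simulated with plain objects and the
// field names (username, email, password, role) are assumed from the post.

const ALLOWED_USER_FIELDS = ['username', 'email', 'password'];

// Defaults the server would normally apply (e.g. a schema default). Assumed.
const USER_DEFAULTS = { role: 'user' };

// Vulnerable: `new User(req.body)` lets every key in the body become a field,
// so a client-supplied `role` silently overrides the server default.
function buildUserUnsafe(body) {
  return { ...USER_DEFAULTS, ...body };
}

// Keep only the keys the client is allowed to set; everything else is dropped.
function pickAllowed(body, allowed) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('request body must be a JSON object');
  }
  const picked = {};
  for (const key of allowed) {
    if (Object.prototype.hasOwnProperty.call(body, key)) {
      picked[key] = body[key];
    }
  }
  return picked;
}

// Keys the client sent that are not on the allow-list. Worth logging: a body
// carrying `role` or `isAdmin` is a probe for exactly this bug.
function unexpectedFields(body, allowed) {
  return Object.keys(body).filter((key) => !allowed.includes(key));
}

// Fixed: server-controlled fields come from defaults, never from the body.
function buildUserSafe(body) {
  return { ...USER_DEFAULTS, ...pickAllowed(body, ALLOWED_USER_FIELDS) };
}

// Simulated handler returning what an Express handler would send back, plus
// the list of dropped fields so the caller can log them.
function createUserHandler(body) {
  const user = buildUserSafe(body); // validates the body shape first
  const dropped = unexpectedFields(body, ALLOWED_USER_FIELDS);
  return { status: 201, user, dropped };
}

// Constructed request body: the same one as the POST /users request above.
const attackBody = {
  username: 'example',
  email: 'example@example.com',
  password: 'secret',
  role: 'admin',
};

// In the real app the route would change to (Express + Mongoose not loaded
// here, so this stays a comment):
//   app.post('/users', async (req, res) => {
//     const newUser = new User(buildUserSafe(req.body));
//     await newUser.save();
//     ...
//   });

console.log('unsafe role:', buildUserUnsafe(attackBody).role); // admin
console.log('safe role:  ', buildUserSafe(attackBody).role); // user
console.log('dropped:    ', createUserHandler(attackBody).dropped); // [ 'role' ]
```

The allow-list is the important part: listing the fields a client may set is far safer than trying to block the dangerous ones, because a deny-list has to be updated every time a sensitive column (role, isAdmin, verified, credits...) is added to the schema.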
Risks of mass assignment
1. Unauthorized Access: Attackers may exploit mass assignment to modify user roles or permissions, gaining unauthorized access to sensitive areas of the application or system.
2. Elevation of Privileges: An attacker could manipulate object properties to elevate their privileges within the system, gaining access to functionality or data they are not supposed to have.
3. Data Tampering: Mass assignment vulnerabilities can be exploited to modify or tamper with critical data, potentially leading to data-integrity issues and incorrect processing of information.
etc.
OK, so that's it. Next I'm going to write my research paper on insecure deserialization.