Skip to content

tuvalroz/hw4-frontEnd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
hw4-V1-NotSafe
hw4-V1-NotSafe
 
 
hw4-V2-Safe
hw4-V2-Safe
 
 
README.md
README.md
 
 

Repository files navigation

Steps to execute attack:

  1. On a cmd nevigate to 'hw4-frontEnd/hw4-V1-NotSafe'
  2. Run 'npm install'
  3. Run 'npm run dev'
  4. On your browser go to 'http://localhost:3000/'
  5. Register to the app and post a draft
  6. Go to the devtools and from Cookies copy the token under 'FrontEndToken'
  7. Open powershell and run this: curl -X POST \ -H "cookie: FrontEndToken=<The_Token_You_Coppied>" http://localhost:3000/drafts
  8. Expected result- a page with the informtaion of your drafts page is returned- Hacked!

Running the safe version

  1. On a cmd nevigate to 'hw4-frontEnd/hw4-V2-Safe'
  2. Run 'npm install'
  3. Run 'npm run dev'
  4. Open powershell and run this: curl -X POST \ -H "cookie: FrontEndToken=<The_Token_You_Coppied>" http://localhost:3000/drafts
  5. Expected result- the page with the drafts will not be returned- Hack prevented

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages