SKF write-ups
NodeJS - Auth-bypass - Simple

Running the app nodeJs

First make sure Node.js and npm are installed on your host machine. After installation, go to the folder of the lab you want to practice (e.g. /skf-labs/XSS, /skf-labs/RFI/) and run the following commands:

$ npm install
$ npm start
Now that the app is running let's go hacking!

Reconnaissance

While most applications require authentication to gain access to private information or to execute tasks, not every authentication method provides adequate security. Negligence, ignorance, or simple underestimation of security threats often result in authentication schemes that can be bypassed by simply tampering with cookie values.
Let's log in with admin/admin as the application suggests.
We see an API key, let's check the cookies:

Exploitation

We have a cookie called userId, maybe this application is relying on this cookie for authentication, let's try changing it to 2.
The application did indeed use this cookie for authentication and now we have access to another user's API key.

Additional sources

OWASP Top Ten 2017 | A5:2017-Broken Access Control | OWASP Foundation
WSTG - Latest | OWASP Foundation