cookie-encrypter Vulnerability

Let's imagine a website with the following source code:

```js
const express = require('express');
const cookieParser = require('cookie-parser');
const cookieEncrypter = require('cookie-encrypter');

const app = express();

// The same 32-byte secret is used to sign (cookie-parser) and to encrypt
// (cookie-encrypter) the cookies.
app.use(cookieParser("NicePasswordHereItIsAGoodSecret!"));
app.use(cookieEncrypter("NicePasswordHereItIsAGoodSecret!"));

// Every visitor gets an encrypted "role" cookie with the value "guest".
app.get('/login', function (req, res) {
  res.cookie("role", "guest")
  res.send("logged in as guest")
})

// Authorization is decided purely on the decrypted cookie value.
app.get("/admin", (req, res) => {
  console.log(req.cookies)
  if (req.cookies.role == "admin") {
    res.send("Access granted.")
  } else {
    res.send("Access denied.")
  }
})

app.listen(80)
```
We load /login and get a cookie as guest:
The cookie is encrypted but carries no integrity check, so it can be tampered with. The IV of the encrypted cookie is 87c3aa62cf38214f7c25d66eacb4c95a. In CBC mode the first plaintext block is produced by XORing the IV into the decrypted first ciphertext block, so flipping a bit of the IV flips the same bit of the decrypted value without knowing the key.
We XOR the IV with "guest" and then with "admin" (both padded to 16 bytes) to perform the bit-flip attack: the first five decrypted bytes become "admin" while the remaining bytes, including the PKCS#7 padding, are unchanged. Here is a CyberChef recipe to help: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')XOR(%7B'option':'Hex','string':'67756573740000000000000000000000'%7D,'Standard',false)XOR(%7B'option':'Hex','string':'61646d696e0000000000000000000000'%7D,'Standard',false)To_Hex('None',0)&input=ODdjM2FhNjJjZjM4MjE0ZjdjMjVkNjZlYWNiNGM5NWE
So we get the following crafted cookie:
And now loading /admin we get: Access granted.
To reference this, use CVE-2024-53441