For this post I’ll be going through the mass assignment examples in Web for Pentesters II. Mass assignment takes advantage of how some programming frameworks allow a programmer to bind HTTP request parameters directly to object attributes. The attacker abuses this by sending extra request parameters in the hope of setting attributes the form never exposed, such as an admin flag. OWASP has a great write-up on how it works in different languages and how to protect against it.
This walkthrough will show you how to exploit this flaw using a web proxy. These examples take advantage of the mass assignment flaw found in Ruby.
So first off, load up the example page and then the proxy of your choice, making sure it’s set up to intercept the traffic.
Then sign up as a regular user.
Once the request has been sent, go to your proxy app.
In the GET request, add the parameter &user[admin]=1 after the existing parameters.
Same as above, I think I may have done the first example a little wrong :S
This example follows the same steps as before, except that instead of adding user[admin]=1 to get admin, you add user[company_id]=2 to gain access to company 2’s secret data.
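To show why both of the examples above work and what the fix looks like, here is an added example (my own code, not the PentesterLab app) in plain Ruby. Rails is not loaded, so the small User class and the permit helper are hypothetical stand-ins for ActiveRecord attribute assignment and for strong parameters; the request hash is constructed to match the walkthrough.

```ruby
# Minimal model that binds whatever keys it is given to its attributes.
# This mirrors the vulnerable Ruby pattern: User.new(params[:user]).
class User
  attr_accessor :name, :email, :admin, :company_id

  def initialize(attrs = {})
    @admin = false      # safe defaults the form is never meant to change
    @company_id = nil
    attrs.each { |k, v| public_send("#{k}=", v) if respond_to?("#{k}=") }
  end
end

# Constructed request parameters: the sign-up fields plus the two extra
# keys added through the proxy in the walkthrough.
SIGNUP_PARAMS = {
  "user" => {
    "name" => "alice", "email" => "alice@example.com",
    "admin" => "1", "company_id" => "2"
  }
}.freeze

# Vulnerable: every key under params["user"] reaches the model.
def build_user_vulnerable(params)
  User.new(params["user"])
end

# Hardened: allow-list the keys the form legitimately sends. This is a
# stand-in for params.require(:user).permit(:name, :email) in Rails.
def permit(params, key, allowed)
  raise ArgumentError, "missing #{key}" unless params[key].is_a?(Hash)
  params[key].select { |k, _| allowed.include?(k) }
end

def build_user_hardened(params)
  User.new(permit(params, "user", %w[name email]))
end

# Defender's check: which submitted keys were never on the form? Worth
# logging, since a legitimate browser request should return an empty list.
def unexpected_keys(params, key, allowed)
  params.fetch(key, {}).keys - allowed
end
```

Running build_user_vulnerable on the constructed request yields a user with admin set and company_id pointing at company 2; the hardened version keeps the defaults and unexpected_keys reports the two injected parameters.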
That will be it for now, hopefully by next week I’ll have either the captcha examples done or the randomness issues example done.