SecureBank

  1. A01:2021 – Broken Access Control

Challenges

Last updated 2 years ago

CWE-285 Improper Authorization

The REST API does not authorize the user. It should check whether the user making the request is allowed to perform that operation on that resource.

CRUD page generation

Find auto-generated pages that are not used by the application.

Solution

The Transaction controller was generated using Visual Studio. /Transaction/Edit (GET, POST), /Transaction/Delete (GET, POST) and /Transaction/DeleteConfirmed are not used by the application but can still be accessed.

You will find the flag in the response header.

Missing Authentication

In this challenge, you need to find endpoints that should be protected but are not.

Solution

  1. Delete the SessionId cookie and try all endpoints.

  2. When you try /api/User/GetAvaliableFunds?user={username} or /api/User/ProfileImage?user={username} you will find that the SessionId cookie is not required.

You will find the flag in the response header.

Unconfirmed login

In this challenge, you need to access /Transaction with an unconfirmed account.

Solution

  1. Register a new user.

  2. Go to /Transaction without confirming your account.

You will find the flag inside the page source.
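The three challenges above share one root cause: the controller trusts the route and never checks who is calling. As an added example (not SecureBank's own code), this ASP.NET Core controller closes all three gaps: `[Authorize]` rejects callers without a session, a confirmed-account check stops unconfirmed logins, and an ownership check authorizes the caller against the resource (CWE-285). `ITransactionStore`, `Transaction.OwnerId` and the `Index` action are hypothetical names; scaffolded actions the application never links to (Edit, Delete) should simply be removed rather than left reachable.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;

// Hypothetical minimal model and store (not SecureBank's own types) so the example compiles.
public class Transaction { public int Id { get; set; } public string OwnerId { get; set; } }
public interface ITransactionStore
{
    Task<Transaction> FindAsync(int id);
    Task DeleteAsync(Transaction tx);
}

// [Authorize] on the class: every action needs an authenticated caller, so a
// request without a valid session cookie is rejected with 401 before any action runs.
[Authorize]
public class TransactionController : Controller
{
    private readonly ITransactionStore _store;
    private readonly UserManager<IdentityUser> _users;

    public TransactionController(ITransactionStore store, UserManager<IdentityUser> users)
    {
        _store = store;
        _users = users;
    }

    // Authenticated is not enough: the account must also have been confirmed.
    private async Task<bool> CallerIsConfirmedAsync()
    {
        var user = await _users.GetUserAsync(User);
        return user != null && user.EmailConfirmed;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> DeleteConfirmed(int id)
    {
        if (!await CallerIsConfirmedAsync()) return Forbid();

        var tx = await _store.FindAsync(id);
        if (tx == null) return NotFound();

        // CWE-285: authorize the caller against the resource, not only the route.
        if (tx.OwnerId != _users.GetUserId(User)) return Forbid();

        await _store.DeleteAsync(tx);
        return RedirectToAction("Index"); // Index action assumed to exist
    }
}
```

Returning `Forbid()` rather than `NotFound()` for a foreign transaction keeps the 401/403/404 distinction intact in the logs, which makes failed authorization attempts visible to monitoring.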