steven
12 days ago - Bronze III
Find the Flaw: C – Insecure Design - Level 6
I'm struggling with that level only and it started to drive me crazy :)
In my eyes, the corresponding CWE is affected by:
enforces the GET method:
if (!request_method || strcmp(request_method, "GET") != 0) {
fetches the query string containing sensitive data:
char *query_string = getenv("QUERY_STRING");
parses the username and password from the GET query string:
char *token = strtok(query_string, "&");
if (strncmp(token, "username=", 9) == 0) strncpy(username, token+9, 256);
if (strncmp(token, "password=", 9) == 0) strncpy(password, token+9, 256);
although, other combinations with those lines are not bringing it to a positive end:
...
char *request_method = getenv("REQUEST_METHOD");
...
if (!request_method || strcmp(request_method, "GET") != 0) {
...
char *query_string = getenv("QUERY_STRING");
...
char username[256] = {0};
char password[256] = {0};
...
char *token = strtok(query_string, "&");
while (token != NULL) {
    if (strncmp(token, "username=", 9) == 0) strncpy(username, token+9, 256);
    if (strncmp(token, "password=", 9) == 0) strncpy(password, token+9, 256);
    token = strtok(NULL, "&");
}
...
if (strcmp(hashed_password, (const char*)db_password) == 0) {
...
So, has anyone solved this?
You need 5 consecutive lines, the 5th line containing only "}". You found one of these lines already.
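For comparison, a CGI login handler that keeps credentials out of the URL by accepting them only in a POST body. This is an added example, not part of the thread or the challenge's code. The names `read_credentials`, `form_value` and `FIELD_MAX` are hypothetical, and percent-decoding is left out, as in the quoted snippet.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 256   /* assumed field size, matching the 256-byte buffers above */

/* Copy the value of `key` (e.g. "password=") out of a form-encoded string
 * without modifying it. Returns 0 on success, -1 if missing or too long. */
static int form_value(const char *form, const char *key, char *out, size_t outlen) {
    size_t klen = strlen(key);
    for (const char *p = form; p && *p; ) {
        const char *end = strchr(p, '&');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len >= klen && strncmp(p, key, klen) == 0) {
            size_t vlen = len - klen;
            if (vlen >= outlen) return -1;   /* reject instead of truncating */
            memcpy(out, p + klen, vlen);
            out[vlen] = '\0';                /* always NUL-terminated */
            return 0;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

/* Returns 0 only for a POST whose credentials arrive in the request body;
 * -1 for any other method, a password in the query string, or a bad body. */
int read_credentials(const char *method, const char *query, FILE *body_stream,
                     const char *content_length, char *user, char *pass) {
    char body[2 * FIELD_MAX + 32] = {0}, *endp;
    if (!method || strcmp(method, "POST") != 0) return -1;
    if (query && strstr(query, "password=")) return -1;
    if (!content_length) return -1;
    unsigned long n = strtoul(content_length, &endp, 10);
    if (*endp || n == 0 || n >= sizeof body) return -1;
    if (fread(body, 1, n, body_stream) != n) return -1;
    if (form_value(body, "username=", user, FIELD_MAX) != 0) return -1;
    return form_value(body, "password=", pass, FIELD_MAX);
}

int main(void) {
    char user[FIELD_MAX], pass[FIELD_MAX];
    if (read_credentials(getenv("REQUEST_METHOD"), getenv("QUERY_STRING"), stdin,
                         getenv("CONTENT_LENGTH"), user, pass) != 0) {
        fputs("Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n", stdout);
        return 0;
    }
    fputs("Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n", stdout); /* next: hash pass, compare */
    return 0;
}
```

Query strings are commonly written to web server access logs, browser history and Referer headers, which is why the body is the only accepted channel here.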