steven
Bronze III
Bronze IIIFind the Flaw: C – Insecure Design - Level 6
I'm struggling with that level only and it started to drive me crazy :)
In my eyes, the corresponding CWE is affected by:
enforces the GET method:
if (!request_method || strcmp(request_method, "GET") != 0) {fetches the query string containing sensitive:
char *query_string = getenv("QUERY_STRING");parse the username and password from the GET query string:
char *token = strtok(query_string, "&");
if (strncmp(token, "username=", 9) == 0) strncpy(username, token+9, 256);
if (strncmp(token, "password=", 9) == 0) strncpy(password, token+9, 256);although, other combinations with those lines are not bringing it to a positive end:
...
char *request_method = getenv("REQUEST_METHOD");
...
if (!request_method || strcmp(request_method, "GET") != 0) {
...
char *query_string = getenv("QUERY_STRING");
...
char username[256] = {0};
char password[256] = {0};
...
char *token = strtok(query_string, "&");
while (token != NULL) {
if (strncmp(token, "username=", 9) == 0) strncpy(username, token+9, 256);
if (strncmp(token, "password=", 9) == 0) strncpy(password, token+9, 256);
token = strtok(NULL, "&");
}
...
if (strcmp(hashed_password, (const char*)db_password) == 0) {
...so, has anyone solved this?
You need 5 consecutive lines, the 5th line containing only "}". You found one of these lines already.
