Forum Discussion

Bronze I

12 days ago

Node.js - Beginner -- What am I missing?

In the Node.js - Beginner collection there is a practical lab on Forced Browsing. I have completed what is setup as the criteria for the lab but it keeps telling me that the code isn't secure. I h...

feedback

help & support

rfrymire69

Bronze I

That didn't seem to help either. In the post above all the code existed except lines 2-5 and line 12 was moved from basically line 2 without my additions. The addition of author to line 13 should only pull back the drafts associated to the author. This seems to be the correct implementation based upon the requirements. Every test of the code returns insecure though.

Am I still reading too much into it?

1.) Identify the forced browsing vulnerability.
2.) Add an appropriate authorization check and send a 401 for unauthorized users in the getDraft function.

netcat

Bronze II

11 days ago

You read only the 1st half of the first sentence of my reply, isn't it?. Continue with reading the rest, that will help.

Forum Discussion

Node.js - Beginner -- What am I missing?

Related Content

Persistence: Accessibility Features - missing token.txt

What is the best content for a complete beginner?

I can see a blue banner in collections and career paths that says I don’t have a license to view all the labs, how can I get access to these missing labs?

Re: Application Security Languages

Introduction to OWASP ZAP

Recent Discussions

SuperSonic: Ep.6 – TEMPLE

Open Source Intelligence (OSINT): Boarding Pass

Events & Breaches: Magecart Skimmer

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Zeek - Demonstrate Your Skills