├── .gitignore ├── LICENSE ├── README.md ├── access-control ├── .gitignore ├── .tool-versions ├── README.md ├── app.fix.js ├── app.vuln.js ├── authentication.js ├── package-lock.json ├── package.json └── secret.js ├── authentication-bypass ├── README.md ├── app.fix.php ├── app.vuln.php ├── composer.json └── index.php ├── case-transformation-collision ├── .tool-versions ├── Gemfile ├── Gemfile.lock ├── README.md ├── app.fix.rb ├── app.vuln.rb ├── config.ru └── data.json ├── dns-rebinding ├── .tool-versions ├── Gemfile ├── Gemfile.lock ├── README.md ├── app.fix.rb ├── app.vuln.rb └── config.ru ├── inconsistent-values ├── .tool-versions ├── Gemfile ├── Gemfile.lock ├── README.md ├── app.fix.rb ├── app.vuln.rb └── config.ru ├── local-file-disclosure ├── .gitignore ├── .tool-versions ├── Cargo.lock ├── Cargo.toml ├── README.md ├── examples │ ├── app-fix.rs │ ├── app-vuln.rs │ └── app-vuln2.rs └── static │ └── polygons.svg └── open-redirect ├── .tool-versions ├── Gemfile ├── Gemfile.lock ├── README.md ├── app.fix.rb ├── app.vuln.rb └── config.ru /.gitignore: -------------------------------------------------------------------------------- 1 | images/ -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Alexandre ZANNI at ACCEIS 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the 
Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | Logo ACCEIS 3 |

4 | 5 | # Vulnerable Code Snippets 6 | 7 | > Vulnerable code snippets repository showcasing different vulnerabilities to practice code analysis skills. 8 | 9 | **Website**: https://acceis.github.io/avcs-website/ 10 | 11 | ## Disclaimer 12 | 13 | The code example showcased here are not suited for production use. You should run them on a secure environment. The code is intentionally vulnerable and is intended for learning purpose only. 14 | 15 | ## Vulnerabilities 16 | 17 | **Open Redirect**: 18 | 19 | - n°1 - [open-redirect](open-redirect) folder 20 | 21 | Ref. 22 | 23 | - [OWASP Cheat Sheet - Unvalidated Redirects and Forwards Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) 24 | - [CWE-601: URL Redirection to Untrusted Site ('Open Redirect')](https://cwe.mitre.org/data/definitions/601.html) 25 | 26 | **Case Transformation Collision** 27 | 28 | - n°2 - [case-transformation-collision](case-transformation-collision) folder 29 | 30 | Ref. 31 | 32 | - [CWE-179: Incorrect Behavior Order: Early Validation](https://cwe.mitre.org/data/definitions/179.html) 33 | - [UAX #15 - Unicode Normalization Forms](https://unicode.org/reports/tr15/) 34 | 35 | **Broken access control** 36 | 37 | - n°3 - [access-control](access-control) folder 38 | 39 | Ref. 40 | 41 | - [CWE-284: Improper Access Control](https://cwe.mitre.org/data/definitions/284.html) 42 | - [CWE-178: Improper Handling of Case Sensitivity](https://cwe.mitre.org/data/definitions/178.html) 43 | - [CWE-1289: Improper Validation of Unsafe Equivalence in Input](https://cwe.mitre.org/data/definitions/1289.html) 44 | 45 | **SSRF** 46 | 47 | - n°4 - [inconsistent-values](inconsistent-values) folder 48 | 49 | Ref. 
50 | 51 | - [CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities](https://cwe.mitre.org/data/definitions/435.html) 52 | - [CWE-436: Interpretation Conflict](https://cwe.mitre.org/data/definitions/436.html) 53 | - [CWE-657: Violation of Secure Design Principles](https://cwe.mitre.org/data/definitions/657.html) 54 | - [CWE-637: Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')](https://cwe.mitre.org/data/definitions/637.html) 55 | - [CWE-807: Reliance on Untrusted Inputs in a Security Decision](https://cwe.mitre.org/data/definitions/807.html) 56 | - [CWE-182: Collapse of Data into Unsafe Value](https://cwe.mitre.org/data/definitions/182.html) 57 | - [CWE-754: Improper Check for Unusual or Exceptional Conditions](https://cwe.mitre.org/data/definitions/754.html) 58 | - [CWE-863: Incorrect Authorization](https://cwe.mitre.org/data/definitions/863.html) 59 | - [CWE-285: Improper Authorization](https://cwe.mitre.org/data/definitions/285.html) 60 | 61 | **SSRF** 62 | 63 | - n°5 - [dns-rebinding](dns-rebinding) folder 64 | 65 | Ref. 66 | 67 | - [CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition](https://cwe.mitre.org/data/definitions/367.html) 68 | 69 | **Resource Injection** 70 | 71 | - n°6 - [authentication-bypass](authentication-bypass) folder 72 | 73 | Ref. 74 | 75 | - [CWE-20: Improper Input Validation](https://cwe.mitre.org/data/definitions/20.html) 76 | - [CWE-914: Improper Control of Dynamically-Identified Variables](https://cwe.mitre.org/data/definitions/914.html) 77 | - [CWE-621: Variable Extraction Error](https://cwe.mitre.org/data/definitions/621.html) 78 | - [PHP - extract](https://www.php.net/manual/en/function.extract) 79 | 80 | **Local file disclosure** 81 | 82 | - n°7 - [local-file-disclosure](local-file-disclosure) folder 83 | 84 | Ref. 
85 | 86 | - [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html) 87 | - [CWE-23: Relative Path Traversal](https://cwe.mitre.org/data/definitions/23.html) 88 | - [CWE-73: External Control of File Name or Path](https://cwe.mitre.org/data/definitions/73.html) 89 | - [CWE-183: Permissive List of Allowed Inputs](https://cwe.mitre.org/data/definitions/183.html) 90 | - [CWE-625: Permissive Regular Expression](https://cwe.mitre.org/data/definitions/625.html) 91 | - [CWE-706: Use of Incorrectly-Resolved Name or Reference](https://cwe.mitre.org/data/definitions/706.html) -------------------------------------------------------------------------------- /access-control/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules -------------------------------------------------------------------------------- /access-control/.tool-versions: -------------------------------------------------------------------------------- 1 | nodejs 18.15.0 2 | -------------------------------------------------------------------------------- /access-control/README.md: -------------------------------------------------------------------------------- 1 | ## Installation 2 | 3 | 1. Set up a Node.js environment (tested with Node.js 18.15.0). It's recommended to use a virtual environment using [ASDF-VM](https://asdf-vm.com/). 4 | 2. Install dependencies: `npm install`. 5 | 3. Run! 
(see below) 6 | 7 | ## Usage 8 | 9 | Start the vulnerable app: 10 | 11 | ``` 12 | node app.vuln.js 13 | ``` 14 | 15 | Start the fixed app: 16 | 17 | ``` 18 | node app.fix.js 19 | ``` 20 | 21 | ## Announcement and solution 22 | 23 | Challenge announcement: 24 | 25 | - 🇫🇷 https://twitter.com/acceis/status/1647981700218077185 26 | - 🇬🇧 https://twitter.com/acceis/status/1647981702235422720 27 | 28 | Solution article: 29 | 30 | - 🇫🇷 https://www.acceis.fr/solution-de-lextrait-de-code-vulnerable-n3/ 31 | - 🇬🇧 https://www.acceis.fr/solution-for-the-vulnerable-code-snippet-n3/ 32 | -------------------------------------------------------------------------------- /access-control/app.fix.js: -------------------------------------------------------------------------------- 1 | const express = require('express'); 2 | const app = express(); 3 | const auth = require('./authentication'); 4 | const secret = require('./secret'); 5 | 6 | // cf. https://expressjs.com/en/api.html#app.settings.table 7 | app.set('case sensitive routing', true); 8 | 9 | app.use((req, res, next) => { 10 | // or case insensitive check: /^\/secret/i.test(req.url) 11 | // Regexp is probably not the right way to handle it 12 | if (req.url.startsWith('/secret')) { 13 | const authorized = auth.verify(req); 14 | if (!authorized) { 15 | return res.status(401).send('Incorrect authentication token!'); 16 | } 17 | } 18 | next(); 19 | }); 20 | 21 | app.use('/secret', secret); 22 | 23 | app.listen(4242); 24 | -------------------------------------------------------------------------------- /access-control/app.vuln.js: -------------------------------------------------------------------------------- 1 | const express = require('express'); 2 | const app = express(); 3 | const auth = require('./authentication'); 4 | const secret = require('./secret'); 5 | 6 | app.use((req, res, next) => { 7 | if (req.url.startsWith('/secret')) { 8 | const authorized = auth.verify(req); 9 | if (!authorized) { 10 | return 
res.status(401).send('Incorrect authentication token!'); 11 | } 12 | } 13 | next(); 14 | }); 15 | 16 | app.use('/secret', secret); 17 | 18 | app.listen(4242); 19 | -------------------------------------------------------------------------------- /access-control/authentication.js: -------------------------------------------------------------------------------- 1 | exports.verify = (req) => { 2 | return req.get('X-Auth-Token') == 'HuxVWKKjtKS7o9g9svdQ' ? true : false 3 | } -------------------------------------------------------------------------------- /access-control/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "avcs3", 3 | "version": "1.0.0", 4 | "lockfileVersion": 3, 5 | "requires": true, 6 | "packages": { 7 | "": { 8 | "name": "avcs3", 9 | "version": "1.0.0", 10 | "license": "ISC", 11 | "dependencies": { 12 | "express": "^4.18.2" 13 | } 14 | }, 15 | "node_modules/accepts": { 16 | "version": "1.3.8", 17 | "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", 18 | "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", 19 | "dependencies": { 20 | "mime-types": "~2.1.34", 21 | "negotiator": "0.6.3" 22 | }, 23 | "engines": { 24 | "node": ">= 0.6" 25 | } 26 | }, 27 | "node_modules/array-flatten": { 28 | "version": "1.1.1", 29 | "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", 30 | "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" 31 | }, 32 | "node_modules/body-parser": { 33 | "version": "1.20.1", 34 | "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", 35 | "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", 36 | "dependencies": { 37 | "bytes": "3.1.2", 38 | "content-type": "~1.0.4", 39 | "debug": "2.6.9", 40 | "depd": "2.0.0", 41 | "destroy": 
"1.2.0", 42 | "http-errors": "2.0.0", 43 | "iconv-lite": "0.4.24", 44 | "on-finished": "2.4.1", 45 | "qs": "6.11.0", 46 | "raw-body": "2.5.1", 47 | "type-is": "~1.6.18", 48 | "unpipe": "1.0.0" 49 | }, 50 | "engines": { 51 | "node": ">= 0.8", 52 | "npm": "1.2.8000 || >= 1.4.16" 53 | } 54 | }, 55 | "node_modules/bytes": { 56 | "version": "3.1.2", 57 | "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", 58 | "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", 59 | "engines": { 60 | "node": ">= 0.8" 61 | } 62 | }, 63 | "node_modules/call-bind": { 64 | "version": "1.0.2", 65 | "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", 66 | "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", 67 | "dependencies": { 68 | "function-bind": "^1.1.1", 69 | "get-intrinsic": "^1.0.2" 70 | }, 71 | "funding": { 72 | "url": "https://github.com/sponsors/ljharb" 73 | } 74 | }, 75 | "node_modules/content-disposition": { 76 | "version": "0.5.4", 77 | "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", 78 | "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", 79 | "dependencies": { 80 | "safe-buffer": "5.2.1" 81 | }, 82 | "engines": { 83 | "node": ">= 0.6" 84 | } 85 | }, 86 | "node_modules/content-type": { 87 | "version": "1.0.5", 88 | "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", 89 | "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", 90 | "engines": { 91 | "node": ">= 0.6" 92 | } 93 | }, 94 | "node_modules/cookie": { 95 | "version": "0.5.0", 96 | "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", 97 | "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", 98 | "engines": { 
99 | "node": ">= 0.6" 100 | } 101 | }, 102 | "node_modules/cookie-signature": { 103 | "version": "1.0.6", 104 | "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", 105 | "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" 106 | }, 107 | "node_modules/debug": { 108 | "version": "2.6.9", 109 | "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", 110 | "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", 111 | "dependencies": { 112 | "ms": "2.0.0" 113 | } 114 | }, 115 | "node_modules/depd": { 116 | "version": "2.0.0", 117 | "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", 118 | "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", 119 | "engines": { 120 | "node": ">= 0.8" 121 | } 122 | }, 123 | "node_modules/destroy": { 124 | "version": "1.2.0", 125 | "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", 126 | "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", 127 | "engines": { 128 | "node": ">= 0.8", 129 | "npm": "1.2.8000 || >= 1.4.16" 130 | } 131 | }, 132 | "node_modules/ee-first": { 133 | "version": "1.1.1", 134 | "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", 135 | "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" 136 | }, 137 | "node_modules/encodeurl": { 138 | "version": "1.0.2", 139 | "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", 140 | "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", 141 | "engines": { 142 | "node": ">= 0.8" 143 | } 144 | }, 145 | "node_modules/escape-html": { 146 | "version": "1.0.3", 147 | "resolved": 
"https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", 148 | "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" 149 | }, 150 | "node_modules/etag": { 151 | "version": "1.8.1", 152 | "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", 153 | "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", 154 | "engines": { 155 | "node": ">= 0.6" 156 | } 157 | }, 158 | "node_modules/express": { 159 | "version": "4.18.2", 160 | "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", 161 | "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", 162 | "dependencies": { 163 | "accepts": "~1.3.8", 164 | "array-flatten": "1.1.1", 165 | "body-parser": "1.20.1", 166 | "content-disposition": "0.5.4", 167 | "content-type": "~1.0.4", 168 | "cookie": "0.5.0", 169 | "cookie-signature": "1.0.6", 170 | "debug": "2.6.9", 171 | "depd": "2.0.0", 172 | "encodeurl": "~1.0.2", 173 | "escape-html": "~1.0.3", 174 | "etag": "~1.8.1", 175 | "finalhandler": "1.2.0", 176 | "fresh": "0.5.2", 177 | "http-errors": "2.0.0", 178 | "merge-descriptors": "1.0.1", 179 | "methods": "~1.1.2", 180 | "on-finished": "2.4.1", 181 | "parseurl": "~1.3.3", 182 | "path-to-regexp": "0.1.7", 183 | "proxy-addr": "~2.0.7", 184 | "qs": "6.11.0", 185 | "range-parser": "~1.2.1", 186 | "safe-buffer": "5.2.1", 187 | "send": "0.18.0", 188 | "serve-static": "1.15.0", 189 | "setprototypeof": "1.2.0", 190 | "statuses": "2.0.1", 191 | "type-is": "~1.6.18", 192 | "utils-merge": "1.0.1", 193 | "vary": "~1.1.2" 194 | }, 195 | "engines": { 196 | "node": ">= 0.10.0" 197 | } 198 | }, 199 | "node_modules/finalhandler": { 200 | "version": "1.2.0", 201 | "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", 202 | "integrity": 
"sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==", 203 | "dependencies": { 204 | "debug": "2.6.9", 205 | "encodeurl": "~1.0.2", 206 | "escape-html": "~1.0.3", 207 | "on-finished": "2.4.1", 208 | "parseurl": "~1.3.3", 209 | "statuses": "2.0.1", 210 | "unpipe": "~1.0.0" 211 | }, 212 | "engines": { 213 | "node": ">= 0.8" 214 | } 215 | }, 216 | "node_modules/forwarded": { 217 | "version": "0.2.0", 218 | "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", 219 | "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", 220 | "engines": { 221 | "node": ">= 0.6" 222 | } 223 | }, 224 | "node_modules/fresh": { 225 | "version": "0.5.2", 226 | "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", 227 | "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", 228 | "engines": { 229 | "node": ">= 0.6" 230 | } 231 | }, 232 | "node_modules/function-bind": { 233 | "version": "1.1.1", 234 | "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", 235 | "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" 236 | }, 237 | "node_modules/get-intrinsic": { 238 | "version": "1.2.0", 239 | "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.0.tgz", 240 | "integrity": "sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==", 241 | "dependencies": { 242 | "function-bind": "^1.1.1", 243 | "has": "^1.0.3", 244 | "has-symbols": "^1.0.3" 245 | }, 246 | "funding": { 247 | "url": "https://github.com/sponsors/ljharb" 248 | } 249 | }, 250 | "node_modules/has": { 251 | "version": "1.0.3", 252 | "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", 253 | "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", 
254 | "dependencies": { 255 | "function-bind": "^1.1.1" 256 | }, 257 | "engines": { 258 | "node": ">= 0.4.0" 259 | } 260 | }, 261 | "node_modules/has-symbols": { 262 | "version": "1.0.3", 263 | "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", 264 | "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", 265 | "engines": { 266 | "node": ">= 0.4" 267 | }, 268 | "funding": { 269 | "url": "https://github.com/sponsors/ljharb" 270 | } 271 | }, 272 | "node_modules/http-errors": { 273 | "version": "2.0.0", 274 | "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", 275 | "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", 276 | "dependencies": { 277 | "depd": "2.0.0", 278 | "inherits": "2.0.4", 279 | "setprototypeof": "1.2.0", 280 | "statuses": "2.0.1", 281 | "toidentifier": "1.0.1" 282 | }, 283 | "engines": { 284 | "node": ">= 0.8" 285 | } 286 | }, 287 | "node_modules/iconv-lite": { 288 | "version": "0.4.24", 289 | "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", 290 | "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", 291 | "dependencies": { 292 | "safer-buffer": ">= 2.1.2 < 3" 293 | }, 294 | "engines": { 295 | "node": ">=0.10.0" 296 | } 297 | }, 298 | "node_modules/inherits": { 299 | "version": "2.0.4", 300 | "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", 301 | "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" 302 | }, 303 | "node_modules/ipaddr.js": { 304 | "version": "1.9.1", 305 | "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", 306 | "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", 307 | "engines": { 308 | "node": ">= 0.10" 309 | } 310 | }, 
311 | "node_modules/media-typer": { 312 | "version": "0.3.0", 313 | "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", 314 | "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", 315 | "engines": { 316 | "node": ">= 0.6" 317 | } 318 | }, 319 | "node_modules/merge-descriptors": { 320 | "version": "1.0.1", 321 | "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", 322 | "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==" 323 | }, 324 | "node_modules/methods": { 325 | "version": "1.1.2", 326 | "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", 327 | "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", 328 | "engines": { 329 | "node": ">= 0.6" 330 | } 331 | }, 332 | "node_modules/mime": { 333 | "version": "1.6.0", 334 | "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", 335 | "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", 336 | "bin": { 337 | "mime": "cli.js" 338 | }, 339 | "engines": { 340 | "node": ">=4" 341 | } 342 | }, 343 | "node_modules/mime-db": { 344 | "version": "1.52.0", 345 | "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", 346 | "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", 347 | "engines": { 348 | "node": ">= 0.6" 349 | } 350 | }, 351 | "node_modules/mime-types": { 352 | "version": "2.1.35", 353 | "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", 354 | "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", 355 | "dependencies": { 356 | "mime-db": "1.52.0" 357 | }, 358 | "engines": { 359 | "node": ">= 0.6" 360 | } 361 | }, 362 | "node_modules/ms": { 363 | 
"version": "2.0.0", 364 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", 365 | "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" 366 | }, 367 | "node_modules/negotiator": { 368 | "version": "0.6.3", 369 | "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", 370 | "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", 371 | "engines": { 372 | "node": ">= 0.6" 373 | } 374 | }, 375 | "node_modules/object-inspect": { 376 | "version": "1.12.3", 377 | "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", 378 | "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==", 379 | "funding": { 380 | "url": "https://github.com/sponsors/ljharb" 381 | } 382 | }, 383 | "node_modules/on-finished": { 384 | "version": "2.4.1", 385 | "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", 386 | "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", 387 | "dependencies": { 388 | "ee-first": "1.1.1" 389 | }, 390 | "engines": { 391 | "node": ">= 0.8" 392 | } 393 | }, 394 | "node_modules/parseurl": { 395 | "version": "1.3.3", 396 | "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", 397 | "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", 398 | "engines": { 399 | "node": ">= 0.8" 400 | } 401 | }, 402 | "node_modules/path-to-regexp": { 403 | "version": "0.1.7", 404 | "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", 405 | "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" 406 | }, 407 | "node_modules/proxy-addr": { 408 | "version": "2.0.7", 409 | "resolved": 
"https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", 410 | "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", 411 | "dependencies": { 412 | "forwarded": "0.2.0", 413 | "ipaddr.js": "1.9.1" 414 | }, 415 | "engines": { 416 | "node": ">= 0.10" 417 | } 418 | }, 419 | "node_modules/qs": { 420 | "version": "6.11.0", 421 | "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", 422 | "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", 423 | "dependencies": { 424 | "side-channel": "^1.0.4" 425 | }, 426 | "engines": { 427 | "node": ">=0.6" 428 | }, 429 | "funding": { 430 | "url": "https://github.com/sponsors/ljharb" 431 | } 432 | }, 433 | "node_modules/range-parser": { 434 | "version": "1.2.1", 435 | "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", 436 | "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", 437 | "engines": { 438 | "node": ">= 0.6" 439 | } 440 | }, 441 | "node_modules/raw-body": { 442 | "version": "2.5.1", 443 | "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", 444 | "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", 445 | "dependencies": { 446 | "bytes": "3.1.2", 447 | "http-errors": "2.0.0", 448 | "iconv-lite": "0.4.24", 449 | "unpipe": "1.0.0" 450 | }, 451 | "engines": { 452 | "node": ">= 0.8" 453 | } 454 | }, 455 | "node_modules/safe-buffer": { 456 | "version": "5.2.1", 457 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", 458 | "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", 459 | "funding": [ 460 | { 461 | "type": "github", 462 | "url": "https://github.com/sponsors/feross" 463 | }, 464 | { 465 | "type": "patreon", 466 | "url": 
"https://www.patreon.com/feross" 467 | }, 468 | { 469 | "type": "consulting", 470 | "url": "https://feross.org/support" 471 | } 472 | ] 473 | }, 474 | "node_modules/safer-buffer": { 475 | "version": "2.1.2", 476 | "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", 477 | "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" 478 | }, 479 | "node_modules/send": { 480 | "version": "0.18.0", 481 | "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", 482 | "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", 483 | "dependencies": { 484 | "debug": "2.6.9", 485 | "depd": "2.0.0", 486 | "destroy": "1.2.0", 487 | "encodeurl": "~1.0.2", 488 | "escape-html": "~1.0.3", 489 | "etag": "~1.8.1", 490 | "fresh": "0.5.2", 491 | "http-errors": "2.0.0", 492 | "mime": "1.6.0", 493 | "ms": "2.1.3", 494 | "on-finished": "2.4.1", 495 | "range-parser": "~1.2.1", 496 | "statuses": "2.0.1" 497 | }, 498 | "engines": { 499 | "node": ">= 0.8.0" 500 | } 501 | }, 502 | "node_modules/send/node_modules/ms": { 503 | "version": "2.1.3", 504 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", 505 | "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" 506 | }, 507 | "node_modules/serve-static": { 508 | "version": "1.15.0", 509 | "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", 510 | "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==", 511 | "dependencies": { 512 | "encodeurl": "~1.0.2", 513 | "escape-html": "~1.0.3", 514 | "parseurl": "~1.3.3", 515 | "send": "0.18.0" 516 | }, 517 | "engines": { 518 | "node": ">= 0.8.0" 519 | } 520 | }, 521 | "node_modules/setprototypeof": { 522 | "version": "1.2.0", 523 | "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", 524 | 
"integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==" 525 | }, 526 | "node_modules/side-channel": { 527 | "version": "1.0.4", 528 | "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", 529 | "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", 530 | "dependencies": { 531 | "call-bind": "^1.0.0", 532 | "get-intrinsic": "^1.0.2", 533 | "object-inspect": "^1.9.0" 534 | }, 535 | "funding": { 536 | "url": "https://github.com/sponsors/ljharb" 537 | } 538 | }, 539 | "node_modules/statuses": { 540 | "version": "2.0.1", 541 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", 542 | "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", 543 | "engines": { 544 | "node": ">= 0.8" 545 | } 546 | }, 547 | "node_modules/toidentifier": { 548 | "version": "1.0.1", 549 | "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", 550 | "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", 551 | "engines": { 552 | "node": ">=0.6" 553 | } 554 | }, 555 | "node_modules/type-is": { 556 | "version": "1.6.18", 557 | "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", 558 | "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", 559 | "dependencies": { 560 | "media-typer": "0.3.0", 561 | "mime-types": "~2.1.24" 562 | }, 563 | "engines": { 564 | "node": ">= 0.6" 565 | } 566 | }, 567 | "node_modules/unpipe": { 568 | "version": "1.0.0", 569 | "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", 570 | "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", 571 | "engines": { 572 | "node": ">= 0.8" 573 | } 574 | }, 575 | "node_modules/utils-merge": { 576 | 
"version": "1.0.1", 577 | "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", 578 | "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", 579 | "engines": { 580 | "node": ">= 0.4.0" 581 | } 582 | }, 583 | "node_modules/vary": { 584 | "version": "1.1.2", 585 | "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", 586 | "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", 587 | "engines": { 588 | "node": ">= 0.8" 589 | } 590 | } 591 | } 592 | } 593 | -------------------------------------------------------------------------------- /access-control/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "avcs3", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "app.vuln.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "noraj at ACCEIS", 10 | "license": "ISC", 11 | "dependencies": { 12 | "express": "^4.18.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /access-control/secret.js: -------------------------------------------------------------------------------- 1 | const express = require('express') 2 | const router = express.Router() 3 | 4 | router.get('/', (_req, res) => { 5 | res.send('FLAG{sVFVfcuQwQ5sf7QKtNpH}') 6 | }) 7 | 8 | module.exports = router -------------------------------------------------------------------------------- /authentication-bypass/README.md: -------------------------------------------------------------------------------- 1 | ## Installation 2 | 3 | 1. Set up a PHP environment (tested with PHP 8.2.7). It's recommended to use a virtual environment using [ASDF-VM](https://asdf-vm.com/). 4 | 2. Install dependencies: `composer install`. 5 | 3. Run! 
(see below) 6 | 7 | ## Usage 8 | 9 | Start the vulnerable app: 10 | 11 | ``` 12 | VULN=on php -S 127.0.0.2:8080 13 | ``` 14 | 15 | Start the fixed app: 16 | 17 | ``` 18 | VULN=off php -S 127.0.0.2:8080 19 | ``` 20 | 21 | ## Announcement and solution 22 | 23 | Challenge announcement: 24 | 25 | - 🇫🇷 https://twitter.com/acceis/status/1682008440766443525 26 | - 🇬🇧 https://twitter.com/acceis/status/1682008443354333184 27 | 28 | Solution article: 29 | 30 | - 🇫🇷 https://acceis.fr/solution-de-lextrait-de-code-vulnerable-n6/ 31 | - 🇬🇧 https://acceis.fr/solution-for-the-vulnerable-code-snippet-n6/ 32 | -------------------------------------------------------------------------------- /authentication-bypass/app.fix.php: -------------------------------------------------------------------------------- 1 | array( 5 | 'user' => 'admin', 6 | 'password' => '$argon2id$v=19$m=65536,t=4,p=1$TXdqdy9iNGRhdkkuRWZuYQ$fTjXCFlKDPB8yfJGxLcpHybAaur7XeTCAbFyJkeERj4' 7 | ), 8 | 'messages' => array( 9 | 'access_denied' => 'Access denied!', 10 | 'welcome' => "

Hello {$_SERVER['PHP_AUTH_USER']}!

", 11 | 'recipe' => "

Here is the secret recipe:" 12 | ), 13 | 'secrets' => array( 14 | 'french_crepe_recipe' => '1 cup flour, 2 eggs, ½ cup milk, ½ cup water, ¼ teaspoon salt, 2 tablespoons butter' 15 | ), 16 | 'color' => 'red' 17 | ); 18 | extract($config); 19 | if (isset($_REQUEST['color'])) 20 | $color = $_REQUEST['color']; 21 | 22 | function login($user, $pass) { 23 | if ($user !== $_SERVER['PHP_AUTH_USER'] || !password_verify($_SERVER['PHP_AUTH_PW'], $pass)) { 24 | header('WWW-Authenticate: Basic realm="AVCS 6"'); 25 | header("HTTP/1.0 401 Unauthorized"); 26 | exit($access_denied); 27 | } 28 | } 29 | 30 | if (!empty($credentials)) { 31 | login($credentials['user'], $credentials['password']); 32 | } 33 | 34 | $color = urlencode($color); 35 | echo "

{$messages['welcome']}
"; 36 | echo $messages['recipe'] . " {$secrets['french_crepe_recipe']}"; 37 | echo "

Log out

"; 38 | 39 | ?> -------------------------------------------------------------------------------- /authentication-bypass/app.vuln.php: -------------------------------------------------------------------------------- 1 | array( 5 | 'user' => 'admin', 6 | 'password' => '$argon2id$v=19$m=65536,t=4,p=1$TXdqdy9iNGRhdkkuRWZuYQ$fTjXCFlKDPB8yfJGxLcpHybAaur7XeTCAbFyJkeERj4' 7 | ), 8 | 'messages' => array( 9 | 'access_denied' => 'Access denied!', 10 | 'welcome' => "

Hello {$_SERVER['PHP_AUTH_USER']}!

", 11 | 'recipe' => "

Here is the secret recipe:" 12 | ), 13 | 'secrets' => array( 14 | 'french_crepe_recipe' => '1 cup flour, 2 eggs, ½ cup milk, ½ cup water, ¼ teaspoon salt, 2 tablespoons butter' 15 | ), 16 | 'color' => 'red' 17 | ); 18 | extract($config); 19 | if (isset($_REQUEST['color']['color'])) 20 | extract($_REQUEST['color']); 21 | 22 | function login($user, $pass) { 23 | if ($user !== $_SERVER['PHP_AUTH_USER'] || !password_verify($_SERVER['PHP_AUTH_PW'], $pass)) { 24 | header('WWW-Authenticate: Basic realm="AVCS 6"'); 25 | header("HTTP/1.0 401 Unauthorized"); 26 | exit($access_denied); 27 | } 28 | } 29 | 30 | if (!empty($credentials)) { 31 | login($credentials['user'], $credentials['password']); 32 | } 33 | 34 | $color = urlencode($color); 35 | echo "

{$messages['welcome']}
"; 36 | echo $messages['recipe'] . " {$secrets['french_crepe_recipe']}"; 37 | echo "

Log out

"; 38 | 39 | ?> -------------------------------------------------------------------------------- /authentication-bypass/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "acceis/avcs6", 3 | "description": "ACCEIS Vulnerable Code Snippet n°6", 4 | "type": "project", 5 | "authors": [ 6 | { 7 | "name": "noraj" 8 | } 9 | ], 10 | "require": {}, 11 | "config": { 12 | "platform": { 13 | "php": "8.2.7" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /authentication-bypass/index.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /case-transformation-collision/.tool-versions: -------------------------------------------------------------------------------- 1 | ruby 3.2.0 2 | -------------------------------------------------------------------------------- /case-transformation-collision/Gemfile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | source 'https://rubygems.org' 4 | 5 | gem 'roda', '~> 3.65' 6 | gem 'puma', '~> 6.1' 7 | gem 'rackup', '~> 2.1' -------------------------------------------------------------------------------- /case-transformation-collision/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | nio4r (2.5.8) 5 | puma (6.1.0) 6 | nio4r (~> 2.0) 7 | rack (3.0.4.1) 8 | rackup (2.1.0) 9 | rack (>= 3) 10 | webrick (~> 1.8) 11 | roda (3.65.0) 12 | rack 13 | webrick (1.8.1) 14 | 15 | PLATFORMS 16 | x86_64-linux 17 | 18 | DEPENDENCIES 19 | puma (~> 6.1) 20 | rackup (~> 2.1) 21 | roda (~> 3.65) 22 | 23 | BUNDLED WITH 24 | 2.4.7 25 | -------------------------------------------------------------------------------- /case-transformation-collision/README.md: 
-------------------------------------------------------------------------------- 1 | ## Installation 2 | 3 | 1. Set up a Ruby environment (tested with Ruby 3.2.0). It's recommended to use a virtual environment using [ASDF-VM](https://asdf-vm.com/). 4 | 2. Install dependencies: `bundle install`. 5 | 3. Run! (see below) 6 | 7 | ## Usage 8 | 9 | Start the vulnerable app: 10 | 11 | ``` 12 | VULN=on bundle exec rackup -s puma 13 | ``` 14 | 15 | Start the fixed app: 16 | 17 | ``` 18 | VULN=off bundle exec rackup -s puma 19 | ``` 20 | 21 | ## Announcement and solution 22 | 23 | Challenge announcement: 24 | 25 | - 🇫🇷 https://twitter.com/acceis/status/1630193980091559937 26 | - 🇬🇧 https://twitter.com/acceis/status/1630193982377426944 27 | 28 | Solution article: 29 | 30 | - 🇫🇷 https://www.acceis.fr/solution-de-lextrait-de-code-vulnerable-n2/ 31 | - 🇬🇧 https://www.acceis.fr/solution-for-the-vulnerable-code-snippet-n2/ 32 | -------------------------------------------------------------------------------- /case-transformation-collision/app.fix.rb: -------------------------------------------------------------------------------- 1 | require 'roda' 2 | require 'cgi' 3 | require 'json' 4 | 5 | class App < Roda 6 | route do |r| 7 | r.root do 8 | r.redirect '/articles' 9 | end 10 | r.get 'articles' do 11 | if r.params['search'] 12 | data = JSON.load_file('data.json') 13 | normalized_query = r.params['search'].unicode_normalize(:nfkc) 14 | sanitized_query = CGI.escapeHTML normalized_query 15 | matches = data['articles'].select {|x| x['title'].include?(sanitized_query)} 16 | links = matches.map {|x| "
  • #{x['title']}
  • "} 17 | res = "

    Articles matching #{sanitized_query}

    " 18 | res += "" 19 | response.write res 20 | else 21 | response.write 'Use /articles?search=word to search in article title' 22 | end 23 | end 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /case-transformation-collision/app.vuln.rb: -------------------------------------------------------------------------------- 1 | require 'roda' 2 | require 'cgi' 3 | require 'json' 4 | 5 | class App < Roda 6 | route do |r| 7 | r.root do 8 | r.redirect '/articles' 9 | end 10 | r.get 'articles' do 11 | if r.params['search'] 12 | data = JSON.load_file('data.json') 13 | sanitized_query = CGI.escapeHTML r.params['search'] 14 | normalized_query = sanitized_query.unicode_normalize(:nfkc) 15 | matches = data['articles'].select {|x| x['title'].include?(normalized_query)} 16 | links = matches.map {|x| "
  • #{x['title']}
  • "} 17 | res = "

    Articles matching #{normalized_query}

    " 18 | res += "" 19 | response.write res 20 | else 21 | response.write 'Use /articles?search=word to search in article title' 22 | end 23 | end 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /case-transformation-collision/config.ru: -------------------------------------------------------------------------------- 1 | if ENV['VULN'] == 'on' 2 | require_relative 'app.vuln' 3 | elsif ENV['VULN'] == 'off' 4 | require_relative 'app.fix' 5 | else 6 | require_relative 'app.vuln' 7 | end 8 | 9 | run App.freeze.app -------------------------------------------------------------------------------- /case-transformation-collision/data.json: -------------------------------------------------------------------------------- 1 | { 2 | "articles": [ 3 | { 4 | "title": "What's new in ffuf 2.0 release?", 5 | "url": "https://www.acceis.fr/whats-new-in-ffuf-2-0-release/" 6 | }, 7 | { 8 | "title": "ffuf advanced tricks", 9 | "url": "https://www.acceis.fr/ffuf-advanced-tricks/" 10 | }, 11 | { 12 | "title": "Transform P3 P4 P5 vulnerabilities to P1", 13 | "url": "https://www.acceis.fr/transform-p3-p4-p5-vulnerabilities-to-p1/" 14 | }, 15 | { 16 | "title": "Cracking encrypted archives (PKZIP: Zip ZipCrypto, Winzip: Zip AES, 7 Zip, RAR)", 17 | "url": "https://www.acceis.fr/cracking-encrypted-archives-pkzip-zip-zipcrypto-winzip-zip-aes-7-zip-rar/" 18 | } 19 | ] 20 | } -------------------------------------------------------------------------------- /dns-rebinding/.tool-versions: -------------------------------------------------------------------------------- 1 | ruby 3.2.0 2 | -------------------------------------------------------------------------------- /dns-rebinding/Gemfile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | source 'https://rubygems.org' 4 | 5 | gem 'roda', '~> 3.63' 6 | gem 'puma', '~> 6.1' 7 | gem 'rackup', '~> 2.1' 8 | gem 'httpx', '~> 
0.23.2' -------------------------------------------------------------------------------- /dns-rebinding/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | http-2-next (0.5.1) 5 | httpx (0.23.2) 6 | http-2-next (>= 0.4.1) 7 | nio4r (2.5.8) 8 | puma (6.1.0) 9 | nio4r (~> 2.0) 10 | rack (3.0.4.1) 11 | rackup (2.1.0) 12 | rack (>= 3) 13 | webrick (~> 1.8) 14 | roda (3.65.0) 15 | rack 16 | webrick (1.8.1) 17 | 18 | PLATFORMS 19 | x86_64-linux 20 | 21 | DEPENDENCIES 22 | httpx (~> 0.23.2) 23 | puma (~> 6.1) 24 | rackup (~> 2.1) 25 | roda (~> 3.63) 26 | 27 | BUNDLED WITH 28 | 2.4.1 29 | -------------------------------------------------------------------------------- /dns-rebinding/README.md: -------------------------------------------------------------------------------- 1 | ## Installation 2 | 3 | 1. Set up a Ruby environment (tested with Ruby 3.2.0). It's recommended to use a virtual environment using [ASDF-VM](https://asdf-vm.com/). 4 | 2. Install dependencies: `bundle install`. 5 | 3. Run! 
(see below) 6 | 7 | ## Usage 8 | 9 | Start the vulnerable app: 10 | 11 | ``` 12 | VULN=on bundle exec rackup -s puma 13 | ``` 14 | 15 | Start the fixed app: (requires a configured dnsmasq, see the solution article) 16 | 17 | ``` 18 | VULN=off bundle exec rackup -s puma 19 | ``` 20 | 21 | ## Announcement and solution 22 | 23 | Challenge announcement: 24 | 25 | - 🇫🇷 https://twitter.com/acceis/status/1670810535300853766 26 | - 🇬🇧 https://twitter.com/acceis/status/1670810537947529219 27 | 28 | Solution article: 29 | 30 | - 🇫🇷 https://www.acceis.fr/solution-de-lextrait-de-code-vulnerable-n5 31 | - 🇬🇧 https://www.acceis.fr/solution-for-the-vulnerable-code-snippet-n5 32 | -------------------------------------------------------------------------------- /dns-rebinding/app.fix.rb: -------------------------------------------------------------------------------- 1 | require 'roda' 2 | require 'resolv' 3 | require 'httpx' 4 | 5 | RESOLVER_CONFIG = { 6 | :nameserver => ['127.0.0.153'], 7 | :nameserver_port => [['127.0.0.153', 5353]] 8 | } 9 | 10 | def trusted?(host) 11 | # whitelist to only allow requests on our internal website 12 | authorized_ips = ['10.10.0.200', '10.10.0.201'] 13 | r = Resolv::DNS.new(RESOLVER_CONFIG) 14 | authorized_ips.include?(r.getaddress(host).to_s) 15 | end 16 | 17 | # configure http client 18 | def http 19 | HTTPX.with(resolver_class: :native, :resolver_options => RESOLVER_CONFIG) 20 | .with(timeout: { connect_timeout: 10 }) 21 | .plugin(:follow_redirects) 22 | .plugin(:cookies) 23 | .plugin(:compression) 24 | .plugin(:h2c) 25 | end 26 | 27 | class App < Roda 28 | route do |r| 29 | r.on 'admin' do 30 | r.get 'proxy' do 31 | url = URI(r.params['url']) 32 | host = url.host 33 | if trusted?(host) 34 | res = http.get(url) 35 | res.error ? 
"Connection failed" : res.to_s 36 | else 37 | "Unauthorized target" 38 | end 39 | end 40 | end 41 | end 42 | end 43 | -------------------------------------------------------------------------------- /dns-rebinding/app.vuln.rb: -------------------------------------------------------------------------------- 1 | require 'roda' 2 | require 'resolv' 3 | require 'httpx' 4 | 5 | def trusted?(host) 6 | # whitelist to only allow requests on our internal website 7 | authorized_ips = ['10.10.0.200', '10.10.0.201'] 8 | authorized_ips.include?(Resolv.getaddress(host)) 9 | end 10 | 11 | # configure http client 12 | def http 13 | HTTPX.with(resolver_class: :system) 14 | .with(timeout: { connect_timeout: 10 }) 15 | .plugin(:follow_redirects) 16 | .plugin(:cookies) 17 | .plugin(:compression) 18 | .plugin(:h2c) 19 | end 20 | 21 | class App < Roda 22 | route do |r| 23 | r.on 'admin' do 24 | r.get 'proxy' do 25 | url = URI(r.params['url']) 26 | host = url.host 27 | if trusted?(host) 28 | res = http.get(url) 29 | res.error ? 
"Connection failed" : res.to_s 30 | else 31 | "Unauthorized target" 32 | end 33 | end 34 | end 35 | end 36 | end 37 | -------------------------------------------------------------------------------- /dns-rebinding/config.ru: -------------------------------------------------------------------------------- 1 | if ENV['VULN'] == 'on' 2 | require_relative 'app.vuln' 3 | elsif ENV['VULN'] == 'off' 4 | require_relative 'app.fix' 5 | else 6 | require_relative 'app.vuln' 7 | end 8 | 9 | run App.freeze.app -------------------------------------------------------------------------------- /inconsistent-values/.tool-versions: -------------------------------------------------------------------------------- 1 | ruby 3.2.0 2 | -------------------------------------------------------------------------------- /inconsistent-values/Gemfile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | source 'https://rubygems.org' 4 | 5 | gem 'roda', '~> 3.67' 6 | gem 'puma', '~> 6.2' 7 | gem 'rackup', '~> 2.1' -------------------------------------------------------------------------------- /inconsistent-values/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | nio4r (2.5.9) 5 | puma (6.2.2) 6 | nio4r (~> 2.0) 7 | rack (3.0.7) 8 | rackup (2.1.0) 9 | rack (>= 3) 10 | webrick (~> 1.8) 11 | roda (3.67.0) 12 | rack 13 | webrick (1.8.1) 14 | 15 | PLATFORMS 16 | x86_64-linux 17 | 18 | DEPENDENCIES 19 | puma (~> 6.2) 20 | rackup (~> 2.1) 21 | roda (~> 3.67) 22 | 23 | BUNDLED WITH 24 | 2.4.7 25 | -------------------------------------------------------------------------------- /inconsistent-values/README.md: -------------------------------------------------------------------------------- 1 | ## Installation 2 | 3 | 1. Set up a Ruby environment (tested with Ruby 3.2.0). 
It's recommended to use a virtual environment using [ASDF-VM](https://asdf-vm.com/). 4 | 2. Install dependencies: `bundle install`. 5 | 3. Run! (see below) 6 | 7 | ## Usage 8 | 9 | Start the vulnerable app: 10 | 11 | ``` 12 | VULN=on bundle exec rackup -s puma 13 | ``` 14 | 15 | Start the fixed app: 16 | 17 | ``` 18 | VULN=off bundle exec rackup -s puma 19 | ``` 20 | 21 | ## Announcement and solution 22 | 23 | Challenge announcement: 24 | 25 | - 🇫🇷 https://twitter.com/acceis/status/1660582304572481541 26 | - 🇬🇧 https://twitter.com/acceis/status/1660582306875158529 27 | 28 | Solution article: 29 | 30 | - 🇫🇷 https://www.acceis.fr/solution-de-lextrait-de-code-vulnerable-n4 31 | - 🇬🇧 https://www.acceis.fr/solution-for-the-vulnerable-code-snippet-n4 32 | -------------------------------------------------------------------------------- /inconsistent-values/app.fix.rb: -------------------------------------------------------------------------------- 1 | require 'roda' 2 | require 'uri' 3 | require 'net/http' 4 | 5 | class App < Roda 6 | route do |r| 7 | r.get 'local' do 8 | addr = r.ip # safer than parsing HTTP headers 9 | addr = "http://#{addr}" 10 | parsed_addr = URI.parse(addr) 11 | if parsed_addr.host == '127.0.0.1' 12 | safe_addr = parsed_addr.dup # always use the same method to process the data that was used in the security check 13 | safe_addr.path = '/login' 14 | data = {user: 'admin', pass: 'AJMMbzLckY37'} 15 | begin 16 | Net::HTTP.post_form(safe_addr, data) 17 | rescue Errno::ECONNREFUSED => e 18 | puts e.message 19 | ensure 20 | response.status = 200 21 | response.write 'Service proceeded' 22 | end 23 | else 24 | response.status = 403 25 | response.write "Not authorized from your address: #{addr}" 26 | end 27 | end 28 | end 29 | end 30 | -------------------------------------------------------------------------------- /inconsistent-values/app.vuln.rb: -------------------------------------------------------------------------------- 1 | require 'roda' 2 | require 
'uri' 3 | require 'net/http' 4 | 5 | class App < Roda 6 | route do |r| 7 | r.get 'local' do 8 | addr = r.get_header('HTTP_X_FORWARDED_FOR') ? r.get_header('HTTP_X_FORWARDED_FOR') : r.get_header('REMOTE_ADDR') 9 | addr = "http://#{addr}" # add protocol 10 | if URI.parse(addr).host == '127.0.0.1' # authorize admin access from local host only 11 | safe_addr = URI.parse(URI::Parser.new.escape(addr)) 12 | safe_addr.path = '/login' 13 | data = {user: 'admin', pass: 'AJMMbzLckY37'} 14 | begin 15 | Net::HTTP.post_form(safe_addr, data) 16 | rescue Errno::ECONNREFUSED => e 17 | puts e.message 18 | ensure 19 | response.status = 200 20 | response.write 'Service proceeded' 21 | end 22 | else 23 | response.status = 403 24 | response.write "Not authorized from your address: #{addr}" 25 | end 26 | end 27 | end 28 | end 29 | -------------------------------------------------------------------------------- /inconsistent-values/config.ru: -------------------------------------------------------------------------------- 1 | if ENV['VULN'] == 'on' 2 | require_relative 'app.vuln' 3 | elsif ENV['VULN'] == 'off' 4 | require_relative 'app.fix' 5 | else 6 | require_relative 'app.vuln' 7 | end 8 | 9 | run App.freeze.app -------------------------------------------------------------------------------- /local-file-disclosure/.gitignore: -------------------------------------------------------------------------------- 1 | target/ -------------------------------------------------------------------------------- /local-file-disclosure/.tool-versions: -------------------------------------------------------------------------------- 1 | rust 1.71.1 2 | -------------------------------------------------------------------------------- /local-file-disclosure/Cargo.lock: -------------------------------------------------------------------------------- 1 | # This file is automatically @generated by Cargo. 2 | # It is not intended for manual editing. 
3 | version = 3 4 | 5 | [[package]] 6 | name = "actix-codec" 7 | version = "0.5.1" 8 | source = "registry+https://github.com/rust-lang/crates.io-index" 9 | checksum = "617a8268e3537fe1d8c9ead925fca49ef6400927ee7bc26750e90ecee14ce4b8" 10 | dependencies = [ 11 | "bitflags", 12 | "bytes", 13 | "futures-core", 14 | "futures-sink", 15 | "memchr", 16 | "pin-project-lite", 17 | "tokio", 18 | "tokio-util", 19 | "tracing", 20 | ] 21 | 22 | [[package]] 23 | name = "actix-files" 24 | version = "0.6.2" 25 | source = "registry+https://github.com/rust-lang/crates.io-index" 26 | checksum = "d832782fac6ca7369a70c9ee9a20554623c5e51c76e190ad151780ebea1cf689" 27 | dependencies = [ 28 | "actix-http", 29 | "actix-service", 30 | "actix-utils", 31 | "actix-web", 32 | "askama_escape", 33 | "bitflags", 34 | "bytes", 35 | "derive_more", 36 | "futures-core", 37 | "http-range", 38 | "log", 39 | "mime", 40 | "mime_guess", 41 | "percent-encoding", 42 | "pin-project-lite", 43 | ] 44 | 45 | [[package]] 46 | name = "actix-http" 47 | version = "3.3.1" 48 | source = "registry+https://github.com/rust-lang/crates.io-index" 49 | checksum = "c2079246596c18b4a33e274ae10c0e50613f4d32a4198e09c7b93771013fed74" 50 | dependencies = [ 51 | "actix-codec", 52 | "actix-rt", 53 | "actix-service", 54 | "actix-utils", 55 | "ahash 0.8.3", 56 | "base64", 57 | "bitflags", 58 | "brotli", 59 | "bytes", 60 | "bytestring", 61 | "derive_more", 62 | "encoding_rs", 63 | "flate2", 64 | "futures-core", 65 | "h2", 66 | "http", 67 | "httparse", 68 | "httpdate", 69 | "itoa", 70 | "language-tags", 71 | "local-channel", 72 | "mime", 73 | "percent-encoding", 74 | "pin-project-lite", 75 | "rand", 76 | "sha1", 77 | "smallvec", 78 | "tokio", 79 | "tokio-util", 80 | "tracing", 81 | "zstd", 82 | ] 83 | 84 | [[package]] 85 | name = "actix-macros" 86 | version = "0.2.4" 87 | source = "registry+https://github.com/rust-lang/crates.io-index" 88 | checksum = "e01ed3140b2f8d422c68afa1ed2e85d996ea619c988ac834d255db32138655cb" 89 | dependencies = 
[ 90 | "quote", 91 | "syn 2.0.28", 92 | ] 93 | 94 | [[package]] 95 | name = "actix-router" 96 | version = "0.5.1" 97 | source = "registry+https://github.com/rust-lang/crates.io-index" 98 | checksum = "d66ff4d247d2b160861fa2866457e85706833527840e4133f8f49aa423a38799" 99 | dependencies = [ 100 | "bytestring", 101 | "http", 102 | "regex", 103 | "serde", 104 | "tracing", 105 | ] 106 | 107 | [[package]] 108 | name = "actix-rt" 109 | version = "2.8.0" 110 | source = "registry+https://github.com/rust-lang/crates.io-index" 111 | checksum = "15265b6b8e2347670eb363c47fc8c75208b4a4994b27192f345fcbe707804f3e" 112 | dependencies = [ 113 | "futures-core", 114 | "tokio", 115 | ] 116 | 117 | [[package]] 118 | name = "actix-server" 119 | version = "2.2.0" 120 | source = "registry+https://github.com/rust-lang/crates.io-index" 121 | checksum = "3e8613a75dd50cc45f473cee3c34d59ed677c0f7b44480ce3b8247d7dc519327" 122 | dependencies = [ 123 | "actix-rt", 124 | "actix-service", 125 | "actix-utils", 126 | "futures-core", 127 | "futures-util", 128 | "mio", 129 | "num_cpus", 130 | "socket2 0.4.9", 131 | "tokio", 132 | "tracing", 133 | ] 134 | 135 | [[package]] 136 | name = "actix-service" 137 | version = "2.0.2" 138 | source = "registry+https://github.com/rust-lang/crates.io-index" 139 | checksum = "3b894941f818cfdc7ccc4b9e60fa7e53b5042a2e8567270f9147d5591893373a" 140 | dependencies = [ 141 | "futures-core", 142 | "paste", 143 | "pin-project-lite", 144 | ] 145 | 146 | [[package]] 147 | name = "actix-utils" 148 | version = "3.0.1" 149 | source = "registry+https://github.com/rust-lang/crates.io-index" 150 | checksum = "88a1dcdff1466e3c2488e1cb5c36a71822750ad43839937f85d2f4d9f8b705d8" 151 | dependencies = [ 152 | "local-waker", 153 | "pin-project-lite", 154 | ] 155 | 156 | [[package]] 157 | name = "actix-web" 158 | version = "4.3.1" 159 | source = "registry+https://github.com/rust-lang/crates.io-index" 160 | checksum = "cd3cb42f9566ab176e1ef0b8b3a896529062b4efc6be0123046095914c4c1c96" 161 | 
dependencies = [ 162 | "actix-codec", 163 | "actix-http", 164 | "actix-macros", 165 | "actix-router", 166 | "actix-rt", 167 | "actix-server", 168 | "actix-service", 169 | "actix-utils", 170 | "actix-web-codegen", 171 | "ahash 0.7.6", 172 | "bytes", 173 | "bytestring", 174 | "cfg-if", 175 | "cookie", 176 | "derive_more", 177 | "encoding_rs", 178 | "futures-core", 179 | "futures-util", 180 | "http", 181 | "itoa", 182 | "language-tags", 183 | "log", 184 | "mime", 185 | "once_cell", 186 | "pin-project-lite", 187 | "regex", 188 | "serde", 189 | "serde_json", 190 | "serde_urlencoded", 191 | "smallvec", 192 | "socket2 0.4.9", 193 | "time", 194 | "url", 195 | ] 196 | 197 | [[package]] 198 | name = "actix-web-codegen" 199 | version = "4.2.0" 200 | source = "registry+https://github.com/rust-lang/crates.io-index" 201 | checksum = "2262160a7ae29e3415554a3f1fc04c764b1540c116aa524683208078b7a75bc9" 202 | dependencies = [ 203 | "actix-router", 204 | "proc-macro2", 205 | "quote", 206 | "syn 1.0.109", 207 | ] 208 | 209 | [[package]] 210 | name = "addr2line" 211 | version = "0.20.0" 212 | source = "registry+https://github.com/rust-lang/crates.io-index" 213 | checksum = "f4fa78e18c64fce05e902adecd7a5eed15a5e0a3439f7b0e169f0252214865e3" 214 | dependencies = [ 215 | "gimli", 216 | ] 217 | 218 | [[package]] 219 | name = "adler" 220 | version = "1.0.2" 221 | source = "registry+https://github.com/rust-lang/crates.io-index" 222 | checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" 223 | 224 | [[package]] 225 | name = "ahash" 226 | version = "0.7.6" 227 | source = "registry+https://github.com/rust-lang/crates.io-index" 228 | checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" 229 | dependencies = [ 230 | "getrandom", 231 | "once_cell", 232 | "version_check", 233 | ] 234 | 235 | [[package]] 236 | name = "ahash" 237 | version = "0.8.3" 238 | source = "registry+https://github.com/rust-lang/crates.io-index" 239 | checksum = 
"2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" 240 | dependencies = [ 241 | "cfg-if", 242 | "getrandom", 243 | "once_cell", 244 | "version_check", 245 | ] 246 | 247 | [[package]] 248 | name = "aho-corasick" 249 | version = "1.0.3" 250 | source = "registry+https://github.com/rust-lang/crates.io-index" 251 | checksum = "86b8f9420f797f2d9e935edf629310eb938a0d839f984e25327f3c7eed22300c" 252 | dependencies = [ 253 | "memchr", 254 | ] 255 | 256 | [[package]] 257 | name = "alloc-no-stdlib" 258 | version = "2.0.4" 259 | source = "registry+https://github.com/rust-lang/crates.io-index" 260 | checksum = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3" 261 | 262 | [[package]] 263 | name = "alloc-stdlib" 264 | version = "0.2.2" 265 | source = "registry+https://github.com/rust-lang/crates.io-index" 266 | checksum = "94fb8275041c72129eb51b7d0322c29b8387a0386127718b096429201a5d6ece" 267 | dependencies = [ 268 | "alloc-no-stdlib", 269 | ] 270 | 271 | [[package]] 272 | name = "askama_escape" 273 | version = "0.10.3" 274 | source = "registry+https://github.com/rust-lang/crates.io-index" 275 | checksum = "619743e34b5ba4e9703bba34deac3427c72507c7159f5fd030aea8cac0cfe341" 276 | 277 | [[package]] 278 | name = "autocfg" 279 | version = "1.1.0" 280 | source = "registry+https://github.com/rust-lang/crates.io-index" 281 | checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" 282 | 283 | [[package]] 284 | name = "backtrace" 285 | version = "0.3.68" 286 | source = "registry+https://github.com/rust-lang/crates.io-index" 287 | checksum = "4319208da049c43661739c5fade2ba182f09d1dc2299b32298d3a31692b17e12" 288 | dependencies = [ 289 | "addr2line", 290 | "cc", 291 | "cfg-if", 292 | "libc", 293 | "miniz_oxide", 294 | "object", 295 | "rustc-demangle", 296 | ] 297 | 298 | [[package]] 299 | name = "base64" 300 | version = "0.21.2" 301 | source = "registry+https://github.com/rust-lang/crates.io-index" 302 | checksum = 
"604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d" 303 | 304 | [[package]] 305 | name = "bitflags" 306 | version = "1.3.2" 307 | source = "registry+https://github.com/rust-lang/crates.io-index" 308 | checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" 309 | 310 | [[package]] 311 | name = "block-buffer" 312 | version = "0.10.4" 313 | source = "registry+https://github.com/rust-lang/crates.io-index" 314 | checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" 315 | dependencies = [ 316 | "generic-array", 317 | ] 318 | 319 | [[package]] 320 | name = "brotli" 321 | version = "3.3.4" 322 | source = "registry+https://github.com/rust-lang/crates.io-index" 323 | checksum = "a1a0b1dbcc8ae29329621f8d4f0d835787c1c38bb1401979b49d13b0b305ff68" 324 | dependencies = [ 325 | "alloc-no-stdlib", 326 | "alloc-stdlib", 327 | "brotli-decompressor", 328 | ] 329 | 330 | [[package]] 331 | name = "brotli-decompressor" 332 | version = "2.3.4" 333 | source = "registry+https://github.com/rust-lang/crates.io-index" 334 | checksum = "4b6561fd3f895a11e8f72af2cb7d22e08366bebc2b6b57f7744c4bda27034744" 335 | dependencies = [ 336 | "alloc-no-stdlib", 337 | "alloc-stdlib", 338 | ] 339 | 340 | [[package]] 341 | name = "bytes" 342 | version = "1.4.0" 343 | source = "registry+https://github.com/rust-lang/crates.io-index" 344 | checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" 345 | 346 | [[package]] 347 | name = "bytestring" 348 | version = "1.3.0" 349 | source = "registry+https://github.com/rust-lang/crates.io-index" 350 | checksum = "238e4886760d98c4f899360c834fa93e62cf7f721ac3c2da375cbdf4b8679aae" 351 | dependencies = [ 352 | "bytes", 353 | ] 354 | 355 | [[package]] 356 | name = "cc" 357 | version = "1.0.82" 358 | source = "registry+https://github.com/rust-lang/crates.io-index" 359 | checksum = "305fe645edc1442a0fa8b6726ba61d422798d37a52e12eaecf4b022ebbb88f01" 360 | dependencies = [ 361 | "jobserver", 362 | 
"libc", 363 | ] 364 | 365 | [[package]] 366 | name = "cfg-if" 367 | version = "1.0.0" 368 | source = "registry+https://github.com/rust-lang/crates.io-index" 369 | checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" 370 | 371 | [[package]] 372 | name = "convert_case" 373 | version = "0.4.0" 374 | source = "registry+https://github.com/rust-lang/crates.io-index" 375 | checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" 376 | 377 | [[package]] 378 | name = "cookie" 379 | version = "0.16.2" 380 | source = "registry+https://github.com/rust-lang/crates.io-index" 381 | checksum = "e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb" 382 | dependencies = [ 383 | "percent-encoding", 384 | "time", 385 | "version_check", 386 | ] 387 | 388 | [[package]] 389 | name = "cpufeatures" 390 | version = "0.2.9" 391 | source = "registry+https://github.com/rust-lang/crates.io-index" 392 | checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" 393 | dependencies = [ 394 | "libc", 395 | ] 396 | 397 | [[package]] 398 | name = "crc32fast" 399 | version = "1.3.2" 400 | source = "registry+https://github.com/rust-lang/crates.io-index" 401 | checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" 402 | dependencies = [ 403 | "cfg-if", 404 | ] 405 | 406 | [[package]] 407 | name = "crypto-common" 408 | version = "0.1.6" 409 | source = "registry+https://github.com/rust-lang/crates.io-index" 410 | checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" 411 | dependencies = [ 412 | "generic-array", 413 | "typenum", 414 | ] 415 | 416 | [[package]] 417 | name = "deranged" 418 | version = "0.3.7" 419 | source = "registry+https://github.com/rust-lang/crates.io-index" 420 | checksum = "7684a49fb1af197853ef7b2ee694bc1f5b4179556f1e5710e1760c5db6f5e929" 421 | 422 | [[package]] 423 | name = "derive_more" 424 | version = "0.99.17" 425 | source = 
"registry+https://github.com/rust-lang/crates.io-index" 426 | checksum = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321" 427 | dependencies = [ 428 | "convert_case", 429 | "proc-macro2", 430 | "quote", 431 | "rustc_version", 432 | "syn 1.0.109", 433 | ] 434 | 435 | [[package]] 436 | name = "digest" 437 | version = "0.10.7" 438 | source = "registry+https://github.com/rust-lang/crates.io-index" 439 | checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" 440 | dependencies = [ 441 | "block-buffer", 442 | "crypto-common", 443 | ] 444 | 445 | [[package]] 446 | name = "encoding_rs" 447 | version = "0.8.32" 448 | source = "registry+https://github.com/rust-lang/crates.io-index" 449 | checksum = "071a31f4ee85403370b58aca746f01041ede6f0da2730960ad001edc2b71b394" 450 | dependencies = [ 451 | "cfg-if", 452 | ] 453 | 454 | [[package]] 455 | name = "flate2" 456 | version = "1.0.26" 457 | source = "registry+https://github.com/rust-lang/crates.io-index" 458 | checksum = "3b9429470923de8e8cbd4d2dc513535400b4b3fef0319fb5c4e1f520a7bef743" 459 | dependencies = [ 460 | "crc32fast", 461 | "miniz_oxide", 462 | ] 463 | 464 | [[package]] 465 | name = "fnv" 466 | version = "1.0.7" 467 | source = "registry+https://github.com/rust-lang/crates.io-index" 468 | checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" 469 | 470 | [[package]] 471 | name = "form_urlencoded" 472 | version = "1.2.0" 473 | source = "registry+https://github.com/rust-lang/crates.io-index" 474 | checksum = "a62bc1cf6f830c2ec14a513a9fb124d0a213a629668a4186f329db21fe045652" 475 | dependencies = [ 476 | "percent-encoding", 477 | ] 478 | 479 | [[package]] 480 | name = "futures-core" 481 | version = "0.3.28" 482 | source = "registry+https://github.com/rust-lang/crates.io-index" 483 | checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c" 484 | 485 | [[package]] 486 | name = "futures-sink" 487 | version = "0.3.28" 488 | source = 
"registry+https://github.com/rust-lang/crates.io-index" 489 | checksum = "f43be4fe21a13b9781a69afa4985b0f6ee0e1afab2c6f454a8cf30e2b2237b6e" 490 | 491 | [[package]] 492 | name = "futures-task" 493 | version = "0.3.28" 494 | source = "registry+https://github.com/rust-lang/crates.io-index" 495 | checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65" 496 | 497 | [[package]] 498 | name = "futures-util" 499 | version = "0.3.28" 500 | source = "registry+https://github.com/rust-lang/crates.io-index" 501 | checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" 502 | dependencies = [ 503 | "futures-core", 504 | "futures-task", 505 | "pin-project-lite", 506 | "pin-utils", 507 | ] 508 | 509 | [[package]] 510 | name = "generic-array" 511 | version = "0.14.7" 512 | source = "registry+https://github.com/rust-lang/crates.io-index" 513 | checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" 514 | dependencies = [ 515 | "typenum", 516 | "version_check", 517 | ] 518 | 519 | [[package]] 520 | name = "getrandom" 521 | version = "0.2.10" 522 | source = "registry+https://github.com/rust-lang/crates.io-index" 523 | checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" 524 | dependencies = [ 525 | "cfg-if", 526 | "libc", 527 | "wasi", 528 | ] 529 | 530 | [[package]] 531 | name = "gimli" 532 | version = "0.27.3" 533 | source = "registry+https://github.com/rust-lang/crates.io-index" 534 | checksum = "b6c80984affa11d98d1b88b66ac8853f143217b399d3c74116778ff8fdb4ed2e" 535 | 536 | [[package]] 537 | name = "h2" 538 | version = "0.3.20" 539 | source = "registry+https://github.com/rust-lang/crates.io-index" 540 | checksum = "97ec8491ebaf99c8eaa73058b045fe58073cd6be7f596ac993ced0b0a0c01049" 541 | dependencies = [ 542 | "bytes", 543 | "fnv", 544 | "futures-core", 545 | "futures-sink", 546 | "futures-util", 547 | "http", 548 | "indexmap", 549 | "slab", 550 | "tokio", 551 | "tokio-util", 552 | "tracing", 553 | 
] 554 | 555 | [[package]] 556 | name = "hashbrown" 557 | version = "0.12.3" 558 | source = "registry+https://github.com/rust-lang/crates.io-index" 559 | checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" 560 | 561 | [[package]] 562 | name = "hermit-abi" 563 | version = "0.3.2" 564 | source = "registry+https://github.com/rust-lang/crates.io-index" 565 | checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" 566 | 567 | [[package]] 568 | name = "http" 569 | version = "0.2.9" 570 | source = "registry+https://github.com/rust-lang/crates.io-index" 571 | checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482" 572 | dependencies = [ 573 | "bytes", 574 | "fnv", 575 | "itoa", 576 | ] 577 | 578 | [[package]] 579 | name = "http-range" 580 | version = "0.1.5" 581 | source = "registry+https://github.com/rust-lang/crates.io-index" 582 | checksum = "21dec9db110f5f872ed9699c3ecf50cf16f423502706ba5c72462e28d3157573" 583 | 584 | [[package]] 585 | name = "httparse" 586 | version = "1.8.0" 587 | source = "registry+https://github.com/rust-lang/crates.io-index" 588 | checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" 589 | 590 | [[package]] 591 | name = "httpdate" 592 | version = "1.0.2" 593 | source = "registry+https://github.com/rust-lang/crates.io-index" 594 | checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" 595 | 596 | [[package]] 597 | name = "idna" 598 | version = "0.4.0" 599 | source = "registry+https://github.com/rust-lang/crates.io-index" 600 | checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c" 601 | dependencies = [ 602 | "unicode-bidi", 603 | "unicode-normalization", 604 | ] 605 | 606 | [[package]] 607 | name = "indexmap" 608 | version = "1.9.3" 609 | source = "registry+https://github.com/rust-lang/crates.io-index" 610 | checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" 611 | dependencies = [ 612 
| "autocfg", 613 | "hashbrown", 614 | ] 615 | 616 | [[package]] 617 | name = "itoa" 618 | version = "1.0.9" 619 | source = "registry+https://github.com/rust-lang/crates.io-index" 620 | checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" 621 | 622 | [[package]] 623 | name = "jobserver" 624 | version = "0.1.26" 625 | source = "registry+https://github.com/rust-lang/crates.io-index" 626 | checksum = "936cfd212a0155903bcbc060e316fb6cc7cbf2e1907329391ebadc1fe0ce77c2" 627 | dependencies = [ 628 | "libc", 629 | ] 630 | 631 | [[package]] 632 | name = "language-tags" 633 | version = "0.3.2" 634 | source = "registry+https://github.com/rust-lang/crates.io-index" 635 | checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388" 636 | 637 | [[package]] 638 | name = "libc" 639 | version = "0.2.147" 640 | source = "registry+https://github.com/rust-lang/crates.io-index" 641 | checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" 642 | 643 | [[package]] 644 | name = "local-channel" 645 | version = "0.1.3" 646 | source = "registry+https://github.com/rust-lang/crates.io-index" 647 | checksum = "7f303ec0e94c6c54447f84f3b0ef7af769858a9c4ef56ef2a986d3dcd4c3fc9c" 648 | dependencies = [ 649 | "futures-core", 650 | "futures-sink", 651 | "futures-util", 652 | "local-waker", 653 | ] 654 | 655 | [[package]] 656 | name = "local-file-read" 657 | version = "0.1.0" 658 | dependencies = [ 659 | "actix-files", 660 | "actix-web", 661 | ] 662 | 663 | [[package]] 664 | name = "local-waker" 665 | version = "0.1.3" 666 | source = "registry+https://github.com/rust-lang/crates.io-index" 667 | checksum = "e34f76eb3611940e0e7d53a9aaa4e6a3151f69541a282fd0dad5571420c53ff1" 668 | 669 | [[package]] 670 | name = "lock_api" 671 | version = "0.4.10" 672 | source = "registry+https://github.com/rust-lang/crates.io-index" 673 | checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" 674 | dependencies = [ 675 | "autocfg", 676 | 
"scopeguard", 677 | ] 678 | 679 | [[package]] 680 | name = "log" 681 | version = "0.4.19" 682 | source = "registry+https://github.com/rust-lang/crates.io-index" 683 | checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" 684 | 685 | [[package]] 686 | name = "memchr" 687 | version = "2.5.0" 688 | source = "registry+https://github.com/rust-lang/crates.io-index" 689 | checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" 690 | 691 | [[package]] 692 | name = "mime" 693 | version = "0.3.17" 694 | source = "registry+https://github.com/rust-lang/crates.io-index" 695 | checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" 696 | 697 | [[package]] 698 | name = "mime_guess" 699 | version = "2.0.4" 700 | source = "registry+https://github.com/rust-lang/crates.io-index" 701 | checksum = "4192263c238a5f0d0c6bfd21f336a313a4ce1c450542449ca191bb657b4642ef" 702 | dependencies = [ 703 | "mime", 704 | "unicase", 705 | ] 706 | 707 | [[package]] 708 | name = "miniz_oxide" 709 | version = "0.7.1" 710 | source = "registry+https://github.com/rust-lang/crates.io-index" 711 | checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" 712 | dependencies = [ 713 | "adler", 714 | ] 715 | 716 | [[package]] 717 | name = "mio" 718 | version = "0.8.8" 719 | source = "registry+https://github.com/rust-lang/crates.io-index" 720 | checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" 721 | dependencies = [ 722 | "libc", 723 | "log", 724 | "wasi", 725 | "windows-sys", 726 | ] 727 | 728 | [[package]] 729 | name = "num_cpus" 730 | version = "1.16.0" 731 | source = "registry+https://github.com/rust-lang/crates.io-index" 732 | checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" 733 | dependencies = [ 734 | "hermit-abi", 735 | "libc", 736 | ] 737 | 738 | [[package]] 739 | name = "object" 740 | version = "0.31.1" 741 | source = 
"registry+https://github.com/rust-lang/crates.io-index" 742 | checksum = "8bda667d9f2b5051b8833f59f3bf748b28ef54f850f4fcb389a252aa383866d1" 743 | dependencies = [ 744 | "memchr", 745 | ] 746 | 747 | [[package]] 748 | name = "once_cell" 749 | version = "1.18.0" 750 | source = "registry+https://github.com/rust-lang/crates.io-index" 751 | checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" 752 | 753 | [[package]] 754 | name = "parking_lot" 755 | version = "0.12.1" 756 | source = "registry+https://github.com/rust-lang/crates.io-index" 757 | checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" 758 | dependencies = [ 759 | "lock_api", 760 | "parking_lot_core", 761 | ] 762 | 763 | [[package]] 764 | name = "parking_lot_core" 765 | version = "0.9.8" 766 | source = "registry+https://github.com/rust-lang/crates.io-index" 767 | checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447" 768 | dependencies = [ 769 | "cfg-if", 770 | "libc", 771 | "redox_syscall", 772 | "smallvec", 773 | "windows-targets", 774 | ] 775 | 776 | [[package]] 777 | name = "paste" 778 | version = "1.0.14" 779 | source = "registry+https://github.com/rust-lang/crates.io-index" 780 | checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" 781 | 782 | [[package]] 783 | name = "percent-encoding" 784 | version = "2.3.0" 785 | source = "registry+https://github.com/rust-lang/crates.io-index" 786 | checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" 787 | 788 | [[package]] 789 | name = "pin-project-lite" 790 | version = "0.2.12" 791 | source = "registry+https://github.com/rust-lang/crates.io-index" 792 | checksum = "12cc1b0bf1727a77a54b6654e7b5f1af8604923edc8b81885f8ec92f9e3f0a05" 793 | 794 | [[package]] 795 | name = "pin-utils" 796 | version = "0.1.0" 797 | source = "registry+https://github.com/rust-lang/crates.io-index" 798 | checksum = 
"8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" 799 | 800 | [[package]] 801 | name = "pkg-config" 802 | version = "0.3.27" 803 | source = "registry+https://github.com/rust-lang/crates.io-index" 804 | checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" 805 | 806 | [[package]] 807 | name = "ppv-lite86" 808 | version = "0.2.17" 809 | source = "registry+https://github.com/rust-lang/crates.io-index" 810 | checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" 811 | 812 | [[package]] 813 | name = "proc-macro2" 814 | version = "1.0.66" 815 | source = "registry+https://github.com/rust-lang/crates.io-index" 816 | checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" 817 | dependencies = [ 818 | "unicode-ident", 819 | ] 820 | 821 | [[package]] 822 | name = "quote" 823 | version = "1.0.32" 824 | source = "registry+https://github.com/rust-lang/crates.io-index" 825 | checksum = "50f3b39ccfb720540debaa0164757101c08ecb8d326b15358ce76a62c7e85965" 826 | dependencies = [ 827 | "proc-macro2", 828 | ] 829 | 830 | [[package]] 831 | name = "rand" 832 | version = "0.8.5" 833 | source = "registry+https://github.com/rust-lang/crates.io-index" 834 | checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" 835 | dependencies = [ 836 | "libc", 837 | "rand_chacha", 838 | "rand_core", 839 | ] 840 | 841 | [[package]] 842 | name = "rand_chacha" 843 | version = "0.3.1" 844 | source = "registry+https://github.com/rust-lang/crates.io-index" 845 | checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" 846 | dependencies = [ 847 | "ppv-lite86", 848 | "rand_core", 849 | ] 850 | 851 | [[package]] 852 | name = "rand_core" 853 | version = "0.6.4" 854 | source = "registry+https://github.com/rust-lang/crates.io-index" 855 | checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" 856 | dependencies = [ 857 | "getrandom", 858 | ] 859 | 860 | [[package]] 
861 | name = "redox_syscall" 862 | version = "0.3.5" 863 | source = "registry+https://github.com/rust-lang/crates.io-index" 864 | checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" 865 | dependencies = [ 866 | "bitflags", 867 | ] 868 | 869 | [[package]] 870 | name = "regex" 871 | version = "1.9.3" 872 | source = "registry+https://github.com/rust-lang/crates.io-index" 873 | checksum = "81bc1d4caf89fac26a70747fe603c130093b53c773888797a6329091246d651a" 874 | dependencies = [ 875 | "aho-corasick", 876 | "memchr", 877 | "regex-automata", 878 | "regex-syntax", 879 | ] 880 | 881 | [[package]] 882 | name = "regex-automata" 883 | version = "0.3.6" 884 | source = "registry+https://github.com/rust-lang/crates.io-index" 885 | checksum = "fed1ceff11a1dddaee50c9dc8e4938bd106e9d89ae372f192311e7da498e3b69" 886 | dependencies = [ 887 | "aho-corasick", 888 | "memchr", 889 | "regex-syntax", 890 | ] 891 | 892 | [[package]] 893 | name = "regex-syntax" 894 | version = "0.7.4" 895 | source = "registry+https://github.com/rust-lang/crates.io-index" 896 | checksum = "e5ea92a5b6195c6ef2a0295ea818b312502c6fc94dde986c5553242e18fd4ce2" 897 | 898 | [[package]] 899 | name = "rustc-demangle" 900 | version = "0.1.23" 901 | source = "registry+https://github.com/rust-lang/crates.io-index" 902 | checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" 903 | 904 | [[package]] 905 | name = "rustc_version" 906 | version = "0.4.0" 907 | source = "registry+https://github.com/rust-lang/crates.io-index" 908 | checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" 909 | dependencies = [ 910 | "semver", 911 | ] 912 | 913 | [[package]] 914 | name = "ryu" 915 | version = "1.0.15" 916 | source = "registry+https://github.com/rust-lang/crates.io-index" 917 | checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" 918 | 919 | [[package]] 920 | name = "scopeguard" 921 | version = "1.2.0" 922 | source = 
"registry+https://github.com/rust-lang/crates.io-index" 923 | checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" 924 | 925 | [[package]] 926 | name = "semver" 927 | version = "1.0.18" 928 | source = "registry+https://github.com/rust-lang/crates.io-index" 929 | checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918" 930 | 931 | [[package]] 932 | name = "serde" 933 | version = "1.0.183" 934 | source = "registry+https://github.com/rust-lang/crates.io-index" 935 | checksum = "32ac8da02677876d532745a130fc9d8e6edfa81a269b107c5b00829b91d8eb3c" 936 | 937 | [[package]] 938 | name = "serde_json" 939 | version = "1.0.104" 940 | source = "registry+https://github.com/rust-lang/crates.io-index" 941 | checksum = "076066c5f1078eac5b722a31827a8832fe108bed65dfa75e233c89f8206e976c" 942 | dependencies = [ 943 | "itoa", 944 | "ryu", 945 | "serde", 946 | ] 947 | 948 | [[package]] 949 | name = "serde_urlencoded" 950 | version = "0.7.1" 951 | source = "registry+https://github.com/rust-lang/crates.io-index" 952 | checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" 953 | dependencies = [ 954 | "form_urlencoded", 955 | "itoa", 956 | "ryu", 957 | "serde", 958 | ] 959 | 960 | [[package]] 961 | name = "sha1" 962 | version = "0.10.5" 963 | source = "registry+https://github.com/rust-lang/crates.io-index" 964 | checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" 965 | dependencies = [ 966 | "cfg-if", 967 | "cpufeatures", 968 | "digest", 969 | ] 970 | 971 | [[package]] 972 | name = "signal-hook-registry" 973 | version = "1.4.1" 974 | source = "registry+https://github.com/rust-lang/crates.io-index" 975 | checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" 976 | dependencies = [ 977 | "libc", 978 | ] 979 | 980 | [[package]] 981 | name = "slab" 982 | version = "0.4.8" 983 | source = "registry+https://github.com/rust-lang/crates.io-index" 984 | checksum = 
"6528351c9bc8ab22353f9d776db39a20288e8d6c37ef8cfe3317cf875eecfc2d" 985 | dependencies = [ 986 | "autocfg", 987 | ] 988 | 989 | [[package]] 990 | name = "smallvec" 991 | version = "1.11.0" 992 | source = "registry+https://github.com/rust-lang/crates.io-index" 993 | checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" 994 | 995 | [[package]] 996 | name = "socket2" 997 | version = "0.4.9" 998 | source = "registry+https://github.com/rust-lang/crates.io-index" 999 | checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662" 1000 | dependencies = [ 1001 | "libc", 1002 | "winapi", 1003 | ] 1004 | 1005 | [[package]] 1006 | name = "socket2" 1007 | version = "0.5.3" 1008 | source = "registry+https://github.com/rust-lang/crates.io-index" 1009 | checksum = "2538b18701741680e0322a2302176d3253a35388e2e62f172f64f4f16605f877" 1010 | dependencies = [ 1011 | "libc", 1012 | "windows-sys", 1013 | ] 1014 | 1015 | [[package]] 1016 | name = "syn" 1017 | version = "1.0.109" 1018 | source = "registry+https://github.com/rust-lang/crates.io-index" 1019 | checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" 1020 | dependencies = [ 1021 | "proc-macro2", 1022 | "quote", 1023 | "unicode-ident", 1024 | ] 1025 | 1026 | [[package]] 1027 | name = "syn" 1028 | version = "2.0.28" 1029 | source = "registry+https://github.com/rust-lang/crates.io-index" 1030 | checksum = "04361975b3f5e348b2189d8dc55bc942f278b2d482a6a0365de5bdd62d351567" 1031 | dependencies = [ 1032 | "proc-macro2", 1033 | "quote", 1034 | "unicode-ident", 1035 | ] 1036 | 1037 | [[package]] 1038 | name = "time" 1039 | version = "0.3.25" 1040 | source = "registry+https://github.com/rust-lang/crates.io-index" 1041 | checksum = "b0fdd63d58b18d663fbdf70e049f00a22c8e42be082203be7f26589213cd75ea" 1042 | dependencies = [ 1043 | "deranged", 1044 | "itoa", 1045 | "serde", 1046 | "time-core", 1047 | "time-macros", 1048 | ] 1049 | 1050 | [[package]] 1051 | name = "time-core" 1052 | 
version = "0.1.1" 1053 | source = "registry+https://github.com/rust-lang/crates.io-index" 1054 | checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" 1055 | 1056 | [[package]] 1057 | name = "time-macros" 1058 | version = "0.2.11" 1059 | source = "registry+https://github.com/rust-lang/crates.io-index" 1060 | checksum = "eb71511c991639bb078fd5bf97757e03914361c48100d52878b8e52b46fb92cd" 1061 | dependencies = [ 1062 | "time-core", 1063 | ] 1064 | 1065 | [[package]] 1066 | name = "tinyvec" 1067 | version = "1.6.0" 1068 | source = "registry+https://github.com/rust-lang/crates.io-index" 1069 | checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" 1070 | dependencies = [ 1071 | "tinyvec_macros", 1072 | ] 1073 | 1074 | [[package]] 1075 | name = "tinyvec_macros" 1076 | version = "0.1.1" 1077 | source = "registry+https://github.com/rust-lang/crates.io-index" 1078 | checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" 1079 | 1080 | [[package]] 1081 | name = "tokio" 1082 | version = "1.30.0" 1083 | source = "registry+https://github.com/rust-lang/crates.io-index" 1084 | checksum = "2d3ce25f50619af8b0aec2eb23deebe84249e19e2ddd393a6e16e3300a6dadfd" 1085 | dependencies = [ 1086 | "backtrace", 1087 | "bytes", 1088 | "libc", 1089 | "mio", 1090 | "parking_lot", 1091 | "pin-project-lite", 1092 | "signal-hook-registry", 1093 | "socket2 0.5.3", 1094 | "windows-sys", 1095 | ] 1096 | 1097 | [[package]] 1098 | name = "tokio-util" 1099 | version = "0.7.8" 1100 | source = "registry+https://github.com/rust-lang/crates.io-index" 1101 | checksum = "806fe8c2c87eccc8b3267cbae29ed3ab2d0bd37fca70ab622e46aaa9375ddb7d" 1102 | dependencies = [ 1103 | "bytes", 1104 | "futures-core", 1105 | "futures-sink", 1106 | "pin-project-lite", 1107 | "tokio", 1108 | "tracing", 1109 | ] 1110 | 1111 | [[package]] 1112 | name = "tracing" 1113 | version = "0.1.37" 1114 | source = "registry+https://github.com/rust-lang/crates.io-index" 1115 | 
checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" 1116 | dependencies = [ 1117 | "cfg-if", 1118 | "log", 1119 | "pin-project-lite", 1120 | "tracing-core", 1121 | ] 1122 | 1123 | [[package]] 1124 | name = "tracing-core" 1125 | version = "0.1.31" 1126 | source = "registry+https://github.com/rust-lang/crates.io-index" 1127 | checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a" 1128 | dependencies = [ 1129 | "once_cell", 1130 | ] 1131 | 1132 | [[package]] 1133 | name = "typenum" 1134 | version = "1.16.0" 1135 | source = "registry+https://github.com/rust-lang/crates.io-index" 1136 | checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" 1137 | 1138 | [[package]] 1139 | name = "unicase" 1140 | version = "2.6.0" 1141 | source = "registry+https://github.com/rust-lang/crates.io-index" 1142 | checksum = "50f37be617794602aabbeee0be4f259dc1778fabe05e2d67ee8f79326d5cb4f6" 1143 | dependencies = [ 1144 | "version_check", 1145 | ] 1146 | 1147 | [[package]] 1148 | name = "unicode-bidi" 1149 | version = "0.3.13" 1150 | source = "registry+https://github.com/rust-lang/crates.io-index" 1151 | checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" 1152 | 1153 | [[package]] 1154 | name = "unicode-ident" 1155 | version = "1.0.11" 1156 | source = "registry+https://github.com/rust-lang/crates.io-index" 1157 | checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c" 1158 | 1159 | [[package]] 1160 | name = "unicode-normalization" 1161 | version = "0.1.22" 1162 | source = "registry+https://github.com/rust-lang/crates.io-index" 1163 | checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" 1164 | dependencies = [ 1165 | "tinyvec", 1166 | ] 1167 | 1168 | [[package]] 1169 | name = "url" 1170 | version = "2.4.0" 1171 | source = "registry+https://github.com/rust-lang/crates.io-index" 1172 | checksum = 
"50bff7831e19200a85b17131d085c25d7811bc4e186efdaf54bbd132994a88cb" 1173 | dependencies = [ 1174 | "form_urlencoded", 1175 | "idna", 1176 | "percent-encoding", 1177 | ] 1178 | 1179 | [[package]] 1180 | name = "version_check" 1181 | version = "0.9.4" 1182 | source = "registry+https://github.com/rust-lang/crates.io-index" 1183 | checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" 1184 | 1185 | [[package]] 1186 | name = "wasi" 1187 | version = "0.11.0+wasi-snapshot-preview1" 1188 | source = "registry+https://github.com/rust-lang/crates.io-index" 1189 | checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" 1190 | 1191 | [[package]] 1192 | name = "winapi" 1193 | version = "0.3.9" 1194 | source = "registry+https://github.com/rust-lang/crates.io-index" 1195 | checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" 1196 | dependencies = [ 1197 | "winapi-i686-pc-windows-gnu", 1198 | "winapi-x86_64-pc-windows-gnu", 1199 | ] 1200 | 1201 | [[package]] 1202 | name = "winapi-i686-pc-windows-gnu" 1203 | version = "0.4.0" 1204 | source = "registry+https://github.com/rust-lang/crates.io-index" 1205 | checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" 1206 | 1207 | [[package]] 1208 | name = "winapi-x86_64-pc-windows-gnu" 1209 | version = "0.4.0" 1210 | source = "registry+https://github.com/rust-lang/crates.io-index" 1211 | checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" 1212 | 1213 | [[package]] 1214 | name = "windows-sys" 1215 | version = "0.48.0" 1216 | source = "registry+https://github.com/rust-lang/crates.io-index" 1217 | checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" 1218 | dependencies = [ 1219 | "windows-targets", 1220 | ] 1221 | 1222 | [[package]] 1223 | name = "windows-targets" 1224 | version = "0.48.1" 1225 | source = "registry+https://github.com/rust-lang/crates.io-index" 1226 | checksum = 
"05d4b17490f70499f20b9e791dcf6a299785ce8af4d709018206dc5b4953e95f" 1227 | dependencies = [ 1228 | "windows_aarch64_gnullvm", 1229 | "windows_aarch64_msvc", 1230 | "windows_i686_gnu", 1231 | "windows_i686_msvc", 1232 | "windows_x86_64_gnu", 1233 | "windows_x86_64_gnullvm", 1234 | "windows_x86_64_msvc", 1235 | ] 1236 | 1237 | [[package]] 1238 | name = "windows_aarch64_gnullvm" 1239 | version = "0.48.0" 1240 | source = "registry+https://github.com/rust-lang/crates.io-index" 1241 | checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" 1242 | 1243 | [[package]] 1244 | name = "windows_aarch64_msvc" 1245 | version = "0.48.0" 1246 | source = "registry+https://github.com/rust-lang/crates.io-index" 1247 | checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" 1248 | 1249 | [[package]] 1250 | name = "windows_i686_gnu" 1251 | version = "0.48.0" 1252 | source = "registry+https://github.com/rust-lang/crates.io-index" 1253 | checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" 1254 | 1255 | [[package]] 1256 | name = "windows_i686_msvc" 1257 | version = "0.48.0" 1258 | source = "registry+https://github.com/rust-lang/crates.io-index" 1259 | checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" 1260 | 1261 | [[package]] 1262 | name = "windows_x86_64_gnu" 1263 | version = "0.48.0" 1264 | source = "registry+https://github.com/rust-lang/crates.io-index" 1265 | checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" 1266 | 1267 | [[package]] 1268 | name = "windows_x86_64_gnullvm" 1269 | version = "0.48.0" 1270 | source = "registry+https://github.com/rust-lang/crates.io-index" 1271 | checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" 1272 | 1273 | [[package]] 1274 | name = "windows_x86_64_msvc" 1275 | version = "0.48.0" 1276 | source = "registry+https://github.com/rust-lang/crates.io-index" 1277 | checksum = 
"1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" 1278 | 1279 | [[package]] 1280 | name = "zstd" 1281 | version = "0.12.4" 1282 | source = "registry+https://github.com/rust-lang/crates.io-index" 1283 | checksum = "1a27595e173641171fc74a1232b7b1c7a7cb6e18222c11e9dfb9888fa424c53c" 1284 | dependencies = [ 1285 | "zstd-safe", 1286 | ] 1287 | 1288 | [[package]] 1289 | name = "zstd-safe" 1290 | version = "6.0.6" 1291 | source = "registry+https://github.com/rust-lang/crates.io-index" 1292 | checksum = "ee98ffd0b48ee95e6c5168188e44a54550b1564d9d530ee21d5f0eaed1069581" 1293 | dependencies = [ 1294 | "libc", 1295 | "zstd-sys", 1296 | ] 1297 | 1298 | [[package]] 1299 | name = "zstd-sys" 1300 | version = "2.0.8+zstd.1.5.5" 1301 | source = "registry+https://github.com/rust-lang/crates.io-index" 1302 | checksum = "5556e6ee25d32df2586c098bbfa278803692a20d0ab9565e049480d52707ec8c" 1303 | dependencies = [ 1304 | "cc", 1305 | "libc", 1306 | "pkg-config", 1307 | ] 1308 | -------------------------------------------------------------------------------- /local-file-disclosure/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "local-file-read" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | actix-web = "4.3.1" 10 | actix-files = "0.6.2" -------------------------------------------------------------------------------- /local-file-disclosure/README.md: -------------------------------------------------------------------------------- 1 | ## Installation 2 | 3 | 1. Set up a Rust environment (tested with Rust 1.71.1). It's recommended to use a virtual environment using [ASDF-VM](https://asdf-vm.com/). 4 | 3. Run! 
(see below) 5 | 6 | ## Usage 7 | 8 | Start the vulnerable app: 9 | 10 | ``` 11 | cargo run --example app-vuln 12 | ``` 13 | 14 | Start the fixed app: 15 | 16 | ``` 17 | cargo run --example app-fix 18 | ``` 19 | 20 | ## Announcement and solution 21 | 22 | Challenge announcement: 23 | 24 | - 🇫🇷 https://twitter.com/acceis/status/1620096659282853892 25 | - 🇬🇧 https://twitter.com/acceis/status/1620096662265016321 26 | 27 | Solution article: 28 | 29 | - 🇫🇷 https://www.acceis.fr/solution-de-lextrait-de-code-vulnerable-n7/ 30 | - 🇬🇧 https://www.acceis.fr/solution-for-the-vulnerable-code-snippet-n7/ 31 | -------------------------------------------------------------------------------- /local-file-disclosure/examples/app-fix.rs: -------------------------------------------------------------------------------- 1 | use actix_files as fs; 2 | use actix_web::{get, HttpResponse, Responder}; 3 | 4 | #[get("/")] 5 | async fn index() -> impl Responder { 6 | let html = "

    Polygons!

    ";
    // Static markup: nothing from the request is interpolated into the body.
    HttpResponse::Ok().body(html)
}

/// Fixed variant of the local-file-disclosure challenge.
///
/// Serves the index page and exposes the `static` directory under `/public`
/// through actix-files' directory service instead of opening a
/// caller-supplied path (compare `r#static` in `app-vuln.rs`).
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    use actix_web::{App, HttpServer};

    HttpServer::new(||
        App::new()
            .service(index)
            // The served root is fixed here; the request path only selects an
            // entry below it, it is never opened as a path of its own.
            // NOTE(review): `../static` is resolved against the process working
            // directory, so which directory is exposed depends on where the
            // binary is launched from — confirm it is the crate's `static/` for
            // the `cargo run --example` invocation in the README.
            .service(fs::Files::new("/public", "../static"))
    )
    // Loopback bind: the demo listens on the local host only.
    .bind(("127.0.0.1", 8888))?
    .run()
    .await
}
-------------------------------------------------------------------------------- /local-file-disclosure/examples/app-vuln.rs: --------------------------------------------------------------------------------
use actix_files::NamedFile;
use actix_web::{get, HttpRequest, HttpResponse, Responder, Result};
use std::path::PathBuf;

#[get("/")]
async fn index() -> impl Responder {
    let html = "

    Polygons!

    ";
    // Static markup: nothing from the request is interpolated into the body.
    HttpResponse::Ok().body(html)
}

/// Vulnerable handler of the local-file-disclosure challenge.
///
/// `filename` is the URL tail captured by the `/public/{filename:.*}` route in
/// `main`, i.e. entirely caller-controlled. It is converted to a `PathBuf`
/// and handed to `NamedFile::open` with no base directory and no check that
/// the result stays inside `static/`, so the request path decides which file
/// the process reads. `app-fix.rs` serves the directory through
/// `actix_files::Files` instead.
async fn r#static(req: HttpRequest) -> Result {
    // `PathBuf: FromStr` is infallible, so this unwrap cannot panic; the real
    // failure point is the open below, whose error `?` converts for actix.
    let path: PathBuf = req.match_info().query("filename").parse().unwrap();
    // The path is relative to the working directory and is neither
    // canonicalised nor confined to a root — this is the flaw being shown.
    Ok(NamedFile::open(path)?)
}

/// Binds to the loopback interface and mounts the index page plus the
/// vulnerable `/public/...` route.
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    use actix_web::{web, App, HttpServer};

    HttpServer::new(||
        App::new()
            .service(index)
            // `.*` matches any suffix, separators and `..` segments included;
            // the route places no restriction on what reaches the handler.
            .route("/public/{filename:.*}", web::get().to(r#static))
    )
    // Loopback bind: the demo listens on the local host only.
    .bind(("127.0.0.1", 8888))?
    .run()
    .await
}
-------------------------------------------------------------------------------- /local-file-disclosure/examples/app-vuln2.rs: --------------------------------------------------------------------------------
// Second vulnerable variant: the handler is identical to the one in
// app-vuln.rs; only the route pattern in `main` differs. The file name marks
// it as still vulnerable — tightening the route regex does not replace
// confining the opened path to a root directory.
use actix_files::NamedFile;
use actix_web::{get, HttpRequest, HttpResponse, Responder, Result};
use std::path::PathBuf;

#[get("/")]
async fn index() -> impl Responder {
    let html = "

    Polygons!

    "; 8 | HttpResponse::Ok().body(html) 9 | } 10 | 11 | async fn r#static(req: HttpRequest) -> Result { 12 | let path: PathBuf = req.match_info().query("filename").parse().unwrap(); 13 | Ok(NamedFile::open(path)?) 14 | } 15 | 16 | #[actix_web::main] 17 | async fn main() -> std::io::Result<()> { 18 | use actix_web::{web, App, HttpServer}; 19 | 20 | HttpServer::new(|| 21 | App::new() 22 | .service(index) 23 | .route(r#"/public/{filename:static/.+\.svg}"#, web::get().to(r#static)) 24 | ) 25 | .bind(("127.0.0.1", 8888))? 26 | .run() 27 | .await 28 | } -------------------------------------------------------------------------------- /local-file-disclosure/static/polygons.svg: -------------------------------------------------------------------------------- 1 | 2 | New Project 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 
224 | 225 | 226 | 227 | 228 | 229 | -------------------------------------------------------------------------------- /open-redirect/.tool-versions: -------------------------------------------------------------------------------- 1 | ruby 3.2.0 2 | -------------------------------------------------------------------------------- /open-redirect/Gemfile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | source 'https://rubygems.org' 4 | 5 | gem 'roda', '~> 3.63' 6 | gem 'puma', '~> 6.1' 7 | gem 'rackup', '~> 2.1' -------------------------------------------------------------------------------- /open-redirect/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | nio4r (2.5.8) 5 | puma (6.1.0) 6 | nio4r (~> 2.0) 7 | rack (3.0.4.1) 8 | rackup (2.1.0) 9 | rack (>= 3) 10 | webrick (~> 1.8) 11 | roda (3.65.0) 12 | rack 13 | webrick (1.8.1) 14 | 15 | PLATFORMS 16 | x86_64-linux 17 | 18 | DEPENDENCIES 19 | puma (~> 6.1) 20 | rackup (~> 2.1) 21 | roda (~> 3.63) 22 | 23 | BUNDLED WITH 24 | 2.4.1 25 | -------------------------------------------------------------------------------- /open-redirect/README.md: -------------------------------------------------------------------------------- 1 | ## Installation 2 | 3 | 1. Set up a Ruby environment (tested with Ruby 3.2.0). It's recommended to use a virtual environment using [ASDF-VM](https://asdf-vm.com/). 4 | 2. Install dependencies: `bundle install`. 5 | 3. Run! 
(see below) 6 | 7 | ## Usage 8 | 9 | Start the vulnerable app: 10 | 11 | ``` 12 | VULN=on bundle exec rackup -s puma 13 | ``` 14 | 15 | Start the fixed app: 16 | 17 | ``` 18 | VULN=off bundle exec rackup -s puma 19 | ``` 20 | 21 | ## Announcement and solution 22 | 23 | Challenge announcement: 24 | 25 | - 🇫🇷 https://twitter.com/acceis/status/1620096659282853892 26 | - 🇬🇧 https://twitter.com/acceis/status/1620096662265016321 27 | 28 | Solution article: 29 | 30 | - 🇫🇷 https://www.acceis.fr/solution-de-lextrait-de-code-vulnerable-n1 31 | - 🇬🇧 https://www.acceis.fr/solution-for-the-vulnerable-code-snippet-n1 32 | -------------------------------------------------------------------------------- /open-redirect/app.fix.rb: -------------------------------------------------------------------------------- 1 | require "roda" 2 | 3 | class App < Roda 4 | route do |r| 5 | r.root do 6 | r.redirect '/acceis' 7 | end 8 | r.get 'acceis' do 9 | @base_url = 'https://www.acceis.fr' 10 | if r.params['redirect_url'].nil? 11 | r.redirect '/logout' 12 | elsif /\A#{Regexp.escape(@base_url)}\/.*\Z/.match?(r.params['redirect_url']) 13 | r.redirect r.params['redirect_url'] 14 | else 15 | r.redirect 'https://www.acceis.fr/rejoignez-nous/' 16 | end 17 | end 18 | r.get 'logout' do 19 | 'You are disconnected!' 20 | end 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /open-redirect/app.vuln.rb: -------------------------------------------------------------------------------- 1 | require "roda" 2 | 3 | class App < Roda 4 | route do |r| 5 | r.root do 6 | r.redirect '/acceis' 7 | end 8 | r.get 'acceis' do 9 | @base_url = 'https://www.acceis.fr' 10 | if r.params['redirect_url'].nil? 11 | r.redirect '/logout' 12 | elsif /^#{@base_url}\/.*$/i.match?(r.params['redirect_url']) 13 | r.redirect r.params['redirect_url'] 14 | else 15 | r.redirect 'https://www.acceis.fr/rejoignez-nous/' 16 | end 17 | end 18 | r.get 'logout' do 19 | 'You are disconnected!' 
20 | end 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /open-redirect/config.ru: -------------------------------------------------------------------------------- 1 | if ENV['VULN'] == 'on' 2 | require_relative 'app.vuln' 3 | elsif ENV['VULN'] == 'off' 4 | require_relative 'app.fix' 5 | else 6 | require_relative 'app.vuln' 7 | end 8 | 9 | run App.freeze.app --------------------------------------------------------------------------------