Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added a vulnerable API module #670

Merged
merged 31 commits into from
Jan 29, 2025
Merged

Added a vulnerable API module #670

merged 31 commits into from
Jan 29, 2025

Conversation

digininja
Copy link
Owner

No description provided.

digininja added 30 commits October 2, 2024 12:27
@digininja
starting API build
1fe14d3
@digininja
first files
18c38b5
@digininja
Basics are working
0f76d3b
@digininja
All working and documented
254c11b 
I need to make the user system persistent and then add some
vulnerabilities. There are already some in there, but we need some good
ones.
@digininja
missing include
e895a43
@digininja
low working
979265e
@digininja
added api versioning
9097c0f
@digininja
medium and low working
97cc416
@digininja
RCE and generic options response
6e41e1d
@digininja
better description
d0cd7f4
@digininja
starting orders
4c3b2ac
@digininja
low finished
d7f2316
@digininja
improved help page
b53c636
@digininja
medium working
a34389f
@digininja
tidy space
6e2d8bb
@digininja
orders working
42ea586
@digininja
login controller written and added to orders
0f758ac
@digininja
checking content type
36ab59e
@digininja
login is now OAUTH2
7f15de1
@digininja
refresh token working but no auth
cb4793b
@digininja
login tokens are encrypted and will expire
5f92df7
@digininja
All login stuff working
133ce09
@digininja
check if decrypt worked ok
677d859
@digininja
tidying up the levels
9c193cc
@digininja
echo function added
b4d82b1
@digininja
more links
0d0a7e1
@digininja
typo
0577e1d
@digininja
impossible level
9217125
@digininja
updated composer stuff
eb475ab
@digininja
calling openapi openapi, not swagger
4790347
@digininja digininja merged commit a96943d into master Jan 29, 2025
2 checks passed
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 29, 2025
View reviewed changes
vulnerabilities/api/src/LoginController.php
$client_secret = $_SERVER['PHP_AUTH_PW'];

# App auth check
if ($client_id == "1471.dvwa.digi.ninja" && $client_secret == "ABigLongSecret") {

Check failure

Code scanning / Secrets Audit

Cleartext Storage of Sensitive Information. Error

Credential in plaintext? Rule: Env Var
Line: if ($client_id == "1471.dvwa.digi.ninja" && $client_secret == "ABigLongSecret") { Commit: .
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 29, 2025
View reviewed changes
vulnerabilities/api/public/index.php
}

// pass the request method and order ID to the OrderController and process the HTTP request:
$controller = new OrderController($requestMethod, $version, $orderId);

Check warning

Code scanning / PHP Security Audit

Class Src \ OrderController has no __construct, but arguments were passed. Warning

Class Src \ OrderController has no __construct, but arguments were passed.
vulnerabilities/api/public/index.php
}

// pass the request method and user ID to the UserController and process the HTTP request:
$controller = new UserController($requestMethod, $version, $userId);

Check warning

Code scanning / PHP Security Audit

Class Src \ OrderController has no __construct, but arguments were passed. Warning

Class Src \ UserController has no __construct, but arguments were passed.
vulnerabilities/api/public/index.php
}

$command = $local_uri[2];
$controller = new HealthController($requestMethod, $version, $command);

Check warning

Code scanning / PHP Security Audit

Class Src \ OrderController has no __construct, but arguments were passed. Warning

Class Src \ HealthController has no __construct, but arguments were passed.
vulnerabilities/api/public/index.php
}

$command = $local_uri[2];
$controller = new LoginController($requestMethod, $version, $command);

Check warning

Code scanning / PHP Security Audit

Class Src \ OrderController has no __construct, but arguments were passed. Warning

Class Src \ LoginController has no __construct, but arguments were passed.
vulnerabilities/api/src/HealthController.php
}

#[OAT\Post(
tags: ["health"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22. Warning

Syntax error, unexpected T_STRING on line 22.
vulnerabilities/api/src/UserController.php
}

#[OAT\Get(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22. Warning

Syntax error, unexpected T_STRING on line 63.
vulnerabilities/api/src/UserController.php
}

#[OAT\Get(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22. Warning

Syntax error, unexpected T_STRING on line 98.
vulnerabilities/api/src/UserController.php
}

#[OAT\Post(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22. Warning

Syntax error, unexpected T_STRING on line 126.
vulnerabilities/api/src/UserController.php
}

#[OAT\Put(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22. Warning

Syntax error, unexpected T_STRING on line 175.
vulnerabilities/api/src/UserController.php
}

#[OAT\Delete(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22. Warning

Syntax error, unexpected T_STRING on line 233.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@digininja