$ sudo docker pull blabla1337/owasp-skf-lab:js-racecondition-file-write$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:js-racecondition-file-writeapp.get("/:value", (req, res) => {
fs.writeFileSync("shared-file.txt", req.params.value);
fs.open("shared-file.txt", "r", (err, fd) => {
let file = fs.readFileSync("shared-file.txt", "utf8");
res.setHeader("Content-Type", "text/html", "charset=utf-8");
res.setHeader(
"Content-Disposition",
"attachment; filename=shared-file.txt"
);
res.sendFile(__dirname + "/shared-file.txt");
});
});fs.writeFileSync("shared-file.txt", req.params.value);fs.open("shared-file.txt", "r", (err, fd) => {
let file = fs.readFileSync("shared-file.txt", "utf8");
res.setHeader("Content-Type", "text/html", "charset=utf-8");
res.setHeader("Content-Disposition", "attachment; filename=shared-file.txt");
res.sendFile(__dirname + "/shared-file.txt");
});
#!/bin/bash
while true; do
curl -i -s -k -X $'GET' -H $'Host: localhost:5000' $'http://localhost:5000/111' | grep "111"
done
$ sudo docker pull blabla1337/owasp-skf-lab:racecondition-file-write$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:racecondition-file-write@app.route("/<string:value>", methods=['GET'])
def home(value):
# Create a Python file object using open() and the with statement
with open("shared-file.txt", 'w') as f:
f.write(value)
f.closed
f.closed
file = open("shared-file.txt", "r")
response = make_response(send_file("shared-file.txt", attachment_filename="shared-file.txt"))
response.headers.set("Content-Type", "text/html; charset=utf-8")
response.headers.set("Content-Disposition", "attachment; filename=shared-file.txt")
return responsewith open("shared-file.txt", 'w') as f:
f.write(value)
f.closed
f.closed file = open("shared-file.txt", "r")
response = make_response(send_file("shared-file.txt", attachment_filename="shared-file.txt"))
response.headers.set("Content-Type", "text/html; charset=utf-8")
response.headers.set("Content-Disposition", "attachment; filename=shared-file.txt")
return response
#!/bin/bash
while true; do
curl -i -s -k -X $'GET' -H $'Host: localhost:5000' $'http://localhost:5000/111' | grep "111"
done
$ sudo docker pull blabla1337/owasp-skf-lab:java-racecondition-file-write$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:java-race-condition-file-writepublic class RaceConditionController {
@GetMapping("/{value}")
public ResponseEntity<Object> downloadFile(@PathVariable String value, Model model) throws IOException {
FileWriter fileWriter = new FileWriter("shared-file.txt", false);
fileWriter.write(value);
fileWriter.close();
File file = new File("shared-file.txt");
InputStreamResource resource = new InputStreamResource(new FileInputStream(file));
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Disposition", String.format("attachment; filename=\"%s\"", file.getName()));
headers.add("Cache-Control", "no-cache, no-store, must-revalidate");
headers.add("Pragma", "no-cache");
headers.add("Expires", "0");
ResponseEntity<Object> responseEntity = ResponseEntity.ok().headers(headers).contentLength(file.length())
.contentType(
MediaType.parseMediaType("application/txt"))
.body(resource);
return responseEntity;
}
}InputStreamResource resource = new InputStreamResource(new FileInputStream(file));HttpHeaders headers = new HttpHeaders();
headers.add("Content-Disposition", String.format("attachment; filename=\"%s\"", file.getName()));
headers.add("Cache-Control", "no-cache, no-store, must-revalidate");
headers.add("Pragma", "no-cache");
headers.add("Expires", "0");
ResponseEntity<Object> responseEntity = ResponseEntity.ok().headers(headers).contentLength(file.length())
.contentType(MediaType.parseMediaType("application/txt"))
.body(resource);
return responseEntity;
#!/bin/bash
while true; do
curl -i -s -k -X $'GET' -H $'Host: localhost:5000' $'http://localhost:5000/111' | grep "111"
done