1 of 1

NodeJS - Auth-bypass - Simple

Running the app on Docker

Now that the app is running let's go hacking!

Reconnaissance

While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple understatement of security threats often result in authentication schemes that can be bypassed by simply tampering with cookie values.

Let's log in with admin/admin.

We see an API key, let's check the cookies:

Exploitation

We have a cookie called userId, maybe this application is relying on this cookie for authentication, let's try changing it to 2.

The application did indeed use this cookie for authentication and now we have access to another user's API key.

Additional sources

NodeJS - Auth-bypass - Simple

Running the app on Docker

$ sudo docker pull blabla1337/owasp-skf-lab:js-auth-bypass-simple

$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:js-auth-bypass-simple

Now that the app is running let's go hacking!

Reconnaissance

Let's log in with admin/admin.

We see an API key, let's check the cookies:

Exploitation

We have a cookie called userId, maybe this application is relying on this cookie for authentication, let's try changing it to 2.

The application did indeed use this cookie for authentication and now we have access to another user's API key.

NodeJS - Auth-bypass - Simple

hashtagRunning the app on Docker

hashtagReconnaissance

hashtagExploitation

hashtagAdditional sources

NodeJS - Auth-bypass - Simple

hashtagRunning the app on Docker

hashtagReconnaissance

hashtagExploitation

hashtagAdditional sources

Running the app on Docker

Reconnaissance

Exploitation

Additional sources

Running the app on Docker

Reconnaissance

Exploitation

Additional sources