diff --git a/OWASPApiTop10/README.md b/OWASPApiTop10/README.md
index 4b3295c..b3f75fd 100644
--- a/OWASPApiTop10/README.md
+++ b/OWASPApiTop10/README.md
@@ -38,9 +38,9 @@ gin的session在知道secret之后就可以任意伪造
 `/v2/register`
-前端请求有隐藏的admin标签,可以手动加上,admin为true可以注册为管理员权限用户
+前端请求有admin字段,可以手动修改,admin为true可以注册为管理员权限用户
-username=123&password=123&admin=false
+`{"username": "123","password": "123","email": "test@123.com","admin": "true"}`
 ### API7: Security misconfiguration [✔︎]
diff --git a/OWASPApiTop10/docker/src/api/API6_MassAssignment.go b/OWASPApiTop10/docker/src/api/API6_MassAssignment.go
index 638f11f..13a2fd5 100644
--- a/OWASPApiTop10/docker/src/api/API6_MassAssignment.go
+++ b/OWASPApiTop10/docker/src/api/API6_MassAssignment.go
@@ -56,8 +56,8 @@ func Register(c *gin.Context) {
 		return
 	}
 	//向数据库插入用户
-	sql1 := "INSERT INTO user (token,username,password,email) VALUES (?,?,?,?);"
-	res1, err1 := db.Exec(sql1, Token(), request.Username, MD5(request.Password), request.Email)
+	sql1 := "INSERT INTO user (token,username,password,email,admin) VALUES (?,?,?,?,?);"
+	res1, err1 := db.Exec(sql1, Token(), request.Username, MD5(request.Password), request.Email, func() int{if request.Admin=="true"{return 1}else{return 0}}())
 	if err1 != nil {
 		fmt.Println("register insert error: ", err1)
 		c.JSON(400, gin.H{"code": 400, "msg": "Register error!"})
diff --git a/OWASPApiTop10/source/api/API6_MassAssignment.go b/OWASPApiTop10/source/api/API6_MassAssignment.go
index 638f11f..13a2fd5 100644
--- a/OWASPApiTop10/source/api/API6_MassAssignment.go
+++ b/OWASPApiTop10/source/api/API6_MassAssignment.go
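Review bot: In the docker/src/api hunk, the new last argument to `db.Exec` makes the client-supplied `request.Admin` the only input to the stored `admin` column, so any caller of `/v2/register` can send `"admin": "true"` and be persisted as an administrator with no server-side authorization step. That is the mass-assignment behaviour this API6 lab endpoint appears to exist to demonstrate (the README hunk in the same commit documents exactly that payload), but nothing in the code marks it as deliberate, so a reader could mistake it for a real registration handler. If it is intentional, add a comment above the insert such as `// VULNERABLE BY DESIGN (API6 Mass Assignment): the admin flag is taken from the request body; a real handler must never derive privilege from client input` — if not, drop the column from the insert and set admin only through a trusted path. Separately, the inline `func() int{if request.Admin=="true"{return 1}else{return 0}}()` is not gofmt-clean and hides the branch inside a very long line; compute the flag in a named local first (rewritten lines below). Register starts before and ends after this hunk.
```go
	//向数据库插入用户
	// NOTE(lab): admin is taken straight from the request body — this is the
	// API6 mass-assignment flaw this endpoint demonstrates, not a real design.
	adminFlag := 0
	if request.Admin == "true" {
		adminFlag = 1
	}
	sql1 := "INSERT INTO user (token,username,password,email,admin) VALUES (?,?,?,?,?);"
	res1, err1 := db.Exec(sql1, Token(), request.Username, MD5(request.Password), request.Email, adminFlag)
	// … unchanged: error handling …
```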
@@ -56,8 +56,8 @@ func Register(c *gin.Context) {
 		return
 	}
 	//向数据库插入用户
-	sql1 := "INSERT INTO user (token,username,password,email) VALUES (?,?,?,?);"
-	res1, err1 := db.Exec(sql1, Token(), request.Username, MD5(request.Password), request.Email)
+	sql1 := "INSERT INTO user (token,username,password,email,admin) VALUES (?,?,?,?,?);"
+	res1, err1 := db.Exec(sql1, Token(), request.Username, MD5(request.Password), request.Email, func() int{if request.Admin=="true"{return 1}else{return 0}}())
 	if err1 != nil {
 		fmt.Println("register insert error: ", err1)
 		c.JSON(400, gin.H{"code": 400, "msg": "Register error!"})
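Review bot: The source/api copy of Register now writes the client-controlled `request.Admin` straight into the `admin` column, so an unauthenticated registration with `"admin": "true"` is stored as an administrator with no server-side check; this is presumably the intended API6 mass-assignment flaw (the same hunk lands in docker/src/api, and the README payload in this commit describes it), but the code itself carries no marker saying so. Add a comment above `sql1` such as `// VULNERABLE BY DESIGN (API6 Mass Assignment): privilege is taken from the request body; never do this in a real handler`, and keep this file byte-identical to the docker/src copy so the two do not drift. The inline `func() int{...}()` is also not gofmt-clean; hoisting the branch into a local makes the trusted-input problem visible at a glance (rewritten lines below). Register starts before and ends after this hunk.
```go
	//向数据库插入用户
	// NOTE(lab): admin comes straight from the request body — this is the
	// API6 mass-assignment flaw this endpoint demonstrates.
	adminFlag := 0
	if request.Admin == "true" {
		adminFlag = 1
	}
	sql1 := "INSERT INTO user (token,username,password,email,admin) VALUES (?,?,?,?,?);"
	res1, err1 := db.Exec(sql1, Token(), request.Username, MD5(request.Password), request.Email, adminFlag)
	// … unchanged: error handling …
```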