package main
import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"os/exec"
	"time"
)
// Request is the JSON document accepted by the /update endpoint.
//
// All three fields are filled straight from the request body by the
// json.Decoder in main and none of them is validated before use. Command in
// particular is handed to exec.Command by handleRequest, so it is
// attacker-controlled input that selects which program this process runs —
// the vulnerability this challenge demonstrates.
type Request struct {
	Name    string // only echoed in a log line by handleRequest
	Address string // only printed by handleRequest; nothing is stored
	Command string // executed verbatim by handleRequest
}
// handleRequest logs the decoded request, then runs req.Command as an external
// program and prints whatever it wrote to stdout.
//
// SECURITY: req.Command arrives verbatim from the JSON body of an HTTP request
// (see main) and is passed to exec.Command with no validation, so a remote
// client chooses the program this process executes. This is the
// command-execution sink the challenge is about; the remediation is to treat
// deserialized fields as data, never as commands, or to map them onto a fixed
// allowlist of actions. Note that exec.Command starts no shell: the whole
// string is used as the program name and is not split into arguments.
//
// Despite the log line, the address is only printed; nothing is updated.
func handleRequest(req Request) {
	fmt.Println("Received request from", req.Name)
	fmt.Println("Updating address to", req.Address)
	// execute command
	// Output() blocks until the program exits and buffers its stdout in memory.
	result, err := exec.Command(req.Command).Output()
	if err != nil {
		fmt.Println("Error: ", err)
		return
	}
	fmt.Println(string(result))
}
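// main serves the /update endpoint on :8080.
//
// The handler decodes a JSON Request from the body and passes it to
// handleRequest, which executes req.Command. Only the transport layer is
// hardened here: the request body is capped so a client cannot make the
// decoder buffer an arbitrarily large payload, write and listen errors are no
// longer discarded, and the server gets read/write timeouts so a slow client
// cannot hold a handler goroutine open indefinitely. The command-execution
// sink in handleRequest is deliberately left as it is.
func main() {
	// Constructed bound for this example; size it to the largest legitimate
	// request the endpoint is expected to receive.
	const maxBodyBytes = 1 << 20

	mux := http.NewServeMux()
	mux.HandleFunc("/update", func(w http.ResponseWriter, r *http.Request) {
		// MaxBytesReader makes Decode fail once the limit is exceeded, which
		// surfaces as the same 400 as any other malformed body.
		r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
		decoder := json.NewDecoder(r.Body)
		var req Request
		if err := decoder.Decode(&req); err != nil {
			http.Error(w, "Invalid request format", http.StatusBadRequest)
			return
		}
		handleRequest(req)
		if _, err := w.Write([]byte("Success")); err != nil {
			// The client is gone or the connection broke; nothing to send back.
			log.Printf("writing response: %v", err)
		}
	})

	srv := &http.Server{
		Addr:              ":8080",
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		// Generous because the handler blocks on the executed program.
		WriteTimeout: 60 * time.Second,
	}
	// ListenAndServe only returns on failure (e.g. the port is already bound);
	// previously that error was silently dropped and the process exited 0.
	log.Fatal(srv.ListenAndServe())
}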
/*
Solution:
This application listens for HTTP requests on port 8080. When it receives a request to the "/update" endpoint, it deserializes the JSON payload into the Request struct, and the handleRequest function updates the address and executes the command.
An attacker could exploit this vulnerability by sending a malicious payload that contains a command, which gets executed as soon as the payload is deserialized.
The payload would be deserialized into the Request struct, and the handleRequest function would execute the command rm -rf /, which would delete the entire file system on the target system.
{
"Name":"John Smith",
"Address":"http://attacker.com",
"Command":"rm -rf /"
}
*/