Continuing from Part I, I am going to show how an attacker can exploit a mass-assignment vulnerability through an unauthorized POST request.
Open your Rails application and make sure the users_controller looks like this:
So the admin parameter is permitted.
Now go to your application.rb file and comment out this line:
Rails has a default protection mechanism against CSRF attacks, so your application won't accept any POST request that lacks a site-generated authentication token. (It is good to know that you are protected!) And DON'T ever comment out this line in production. We are ignoring this protection layer only for a proof of concept.
Now open up your terminal and run:
curl --request POST --globoff 'http://localhost:3000/users' -d 'user[name]=massass&user[admin]=1'
We send a POST request through curl with admin set to 1. Open the application in the browser and you will see:
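To make the filtering step visible without a running Rails app, here is an added example (not code from the original post or from Rails itself) that parses the same `user[name]=massass&user[admin]=1` body the curl command sends and then applies an allow-list the way `params.require(:user).permit(...)` does. The `parse_body` and `permit` helpers are simplified stand-ins for Rack's nested-parameter parsing and ActionController's strong parameters, written here for illustration. It shows the permitted attributes both for the vulnerable controller above (which permits `:admin`) and for a hardened version that permits only `:name`, so the attacker-supplied `admin` value is dropped before it reaches the model.

```ruby
require 'cgi'

# Constructed request body, identical in shape to the curl -d payload above.
RAW_BODY = 'user[name]=massass&user[admin]=1'.freeze

# Parse a URL-encoded body with one level of bracket nesting
# (user[name]=x -> {"user" => {"name" => "x"}}). Simplified stand-in for
# Rack's nested query parsing, not Rack itself.
def parse_body(body)
  params = {}
  body.split('&').each do |pair|
    key, value = pair.split('=', 2).map { |s| CGI.unescape(s.to_s) }
    if (m = key.match(/\A([^\[]+)\[([^\]]+)\]\z/))
      (params[m[1]] ||= {})[m[2]] = value
    else
      params[key] = value
    end
  end
  params
end

# Keep only the allow-listed attributes under +key+, the way
# params.require(key).permit(*allowed) does. Returns the permitted hash and
# the list of keys that were dropped, so a caller can log unpermitted input.
# Hypothetical helper, not the Rails API.
def permit(params, key, allowed)
  nested = params.fetch(key) # like require(): raises when the key is absent
  permitted = nested.select { |k, _| allowed.include?(k) }
  dropped = nested.keys - permitted.keys
  [permitted, dropped]
end

# The vulnerable controller from the post permits :admin, so the attacker's
# user[admin]=1 reaches the model unchanged.
def vulnerable_attributes(body)
  permit(parse_body(body), 'user', %w[name admin]).first
end

# The hardened controller permits only :name; admin keeps its model default.
def hardened_attributes(body)
  permit(parse_body(body), 'user', %w[name])
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{vulnerable_attributes(RAW_BODY).inspect}"
  attrs, dropped = hardened_attributes(RAW_BODY)
  puts "hardened:   #{attrs.inspect} (dropped: #{dropped.inspect})"
end
```

Logging the `dropped` list in the hardened path is worth doing in a real controller (Rails can do this through `config.action_controller.action_on_unpermitted_parameters`): a request that keeps sending `admin` where it is never permitted is a useful detection signal.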
This concludes today’s post.