Marking Vulnerability Variant as Secure for Http3xxStatusCodeBasedInjection Vulnerability

Open preetkaran20 opened this issue 4 years ago • 0 comments

**Describe the bug** There are a few levels in the Http3xxStatusCodeBasedInjection vulnerability which are secure implementations, so we need to add the Secure variant to the annotation. This bug also includes exploiting all the levels and, in case there are some levels that are not exploitable, marking them as secure.

**To Reproduce** Try exploiting the vulnerability.

**Expected behavior** Once a level is marked as secure, the UI will show the locked icon instead of the unlocked icon. E.g.:

Screenshot 2021-09-25 at 7 28 05 PM

**How to fix the issue** Visit the file for the vulnerability and change the annotation variant.

Annotation definition:

- https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/openRedirect/Http3xxStatusCodeBasedInjection.java#L246
- https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/internal/utility/annotations/VulnerableAppRequestMapping.java#L31

preetkaran20, Sep 25 '21 14:09