The file is called logon_validate and a typical logon request looks like this?
Submitted by: AdministratorYou have been asked to review the source code for a compiled script that is being used to validate logon credentials for a web application. The file is called "logon_validate" and a typical logon request looks like this -
"GET /cgi-bin/logon_validate?login=test&password=test"
The source code is shown below -
void show_error(void) {
// AUTHENTICATION ERROR
exit(-1);
}
int main(int argc, char **argv) {
char error_on_auth='1';
char user[128];
char pass[128];
char *ch_ptr_begin;
char *ch_ptr_end;
/**********************************/
/* Get Username from Query String */
/**********************************/
ch_ptr_begin=(char *)strstr
(****QUERY_STRING****,"login=");
if (ch_ptr_begin==NULL)
show_error();
ch_ptr_begin+=6;
ch_ptr_end=(char *)strstr(ch_ptr_begin,"&");
if (ch_ptr_end==NULL)
show_error();
*(ch_ptr_end++)=' ';
strcpy(user,ch_ptr_begin);
/**********************************/
/* Get Password from Query String */
/**********************************/
ch_ptr_begin=(char *)strstr(ch_ptr_end,"password=");
if (ch_ptr_begin==NULL)
show_error();
ch_ptr_begin+=9;
ch_ptr_end=(char *)strstr(ch_ptr_begin,"&");
if (ch_ptr_end!=NULL) *(ch_ptr_end++)=' ';
strcpy(pass,ch_ptr_begin);
if ((strcmp(user,GOOD_USER)==0) &&
(strcmp(pass,GOOD_PASS)==0))
error_on_auth='0';
if (error_on_auth=='0') {
// AUTHENTICATION OK!!
} else {
// AUTHENTICATION ERROR
show_error();
}
// return(0); hehe could be evil ;PPPPP
exit(0);
}
This pseudo-code is taken from the NGSec Web Auth Games
http://quiz.ngsec.biz:8080/game1/level6/replicant.php
Do you see any problems with this script?
How could an attacker exploit this script to bypass
the authentication mechanisms in this script?
What are some mitigation options?
Note: Goal of question - This is most likely the most complex question being asked during the interview due to the fact that the applicant will need to apply multiple layers of analysis, including both the attacker and defender perspectives.
Submitted by: Administrator
"GET /cgi-bin/logon_validate?login=test&password=test"
The source code is shown below -
void show_error(void) {
// AUTHENTICATION ERROR
exit(-1);
}
int main(int argc, char **argv) {
char error_on_auth='1';
char user[128];
char pass[128];
char *ch_ptr_begin;
char *ch_ptr_end;
/**********************************/
/* Get Username from Query String */
/**********************************/
ch_ptr_begin=(char *)strstr
(****QUERY_STRING****,"login=");
if (ch_ptr_begin==NULL)
show_error();
ch_ptr_begin+=6;
ch_ptr_end=(char *)strstr(ch_ptr_begin,"&");
if (ch_ptr_end==NULL)
show_error();
*(ch_ptr_end++)=' ';
strcpy(user,ch_ptr_begin);
/**********************************/
/* Get Password from Query String */
/**********************************/
ch_ptr_begin=(char *)strstr(ch_ptr_end,"password=");
if (ch_ptr_begin==NULL)
show_error();
ch_ptr_begin+=9;
ch_ptr_end=(char *)strstr(ch_ptr_begin,"&");
if (ch_ptr_end!=NULL) *(ch_ptr_end++)=' ';
strcpy(pass,ch_ptr_begin);
if ((strcmp(user,GOOD_USER)==0) &&
(strcmp(pass,GOOD_PASS)==0))
error_on_auth='0';
if (error_on_auth=='0') {
// AUTHENTICATION OK!!
} else {
// AUTHENTICATION ERROR
show_error();
}
// return(0); hehe could be evil ;PPPPP
exit(0);
}
This pseudo-code is taken from the NGSec Web Auth Games
http://quiz.ngsec.biz:8080/game1/level6/replicant.php
Do you see any problems with this script?
How could an attacker exploit this script to bypass
the authentication mechanisms in this script?
What are some mitigation options?
Note: Goal of question - This is most likely the most complex question being asked during the interview due to the fact that the applicant will need to apply multiple layers of analysis, including both the attacker and defender perspectives.
Submitted by: Administrator
Read Online Computer security Job Interview Questions And Answers
Top Computer security Questions
☺ | What is a Firewall? |
☺ | Disaster Recovery Planning questions |
☺ | What is an ACL (Access Control List)? |
☺ | What is computer impersonation? |
☺ | What is Spyware? |
Top Basic Job Categories
☺ | Targeted Selection Interview Questions. |
☺ | Business intelligence Interview Questions. |
☺ | Puzzles Interview Questions. |
☺ | Behavioral Interview Questions. |
☺ | Freshers Graduate Interview Questions. |