Getting ready

For this recipe, we will use the Damn Vulnerable Web Services (DVWS). It can be downloaded from its GitHub repository at https://github.com/snoopysecurity/dvws. Download the latest version and copy it to the OWASP BWA virtual machine (or download it directly on the VM); we will put the code in /var/www/dvwebservices/.

This code is a collection of vulnerable web services built for security-testing practice; we will modify one of them to make it less vulnerable. Open the file /var/www/dvwebservices/vulnerabilities/cors/server.php with a text editor; nano is included by default in the VM: nano /var/www/dvwebservices/vulnerabilities/cors/server.php

Look for all the instances where the Access-Control-Allow-Origin header is set and comment out each of those lines, as shown in the next screenshot:

We also need to add a couple of lines of code so that the request parameters are read correctly whether they arrive as a form post or as a JSON body; the final code should be as follows:

<?php
$dictionary = array('secretword:one' => 'Kag8lzk0nM', 'secretword:two' => 'U6pIy6w0yX', 'secretword:three' => '9c0v73UWkj');

// Preflight request: only POST is announced as allowed, and the
// Access-Control-Allow-Origin header stays commented out
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) && $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'POST') {
        //header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers');
    }
    exit;
}

// Read the search term from the form post or, if it is not there, from a JSON body
$obj = (object)$_POST;
if(!isset($_POST["searchterm"]))
{
    $json = file_get_contents('php://input');
    $obj = json_decode($json);
}

// Look the term up in the dictionary and build the JSON response
if (array_key_exists($obj->searchterm, $dictionary)) {
    $response = json_encode(array('result' => 1, 'secretword' => $dictionary[$obj->searchterm]));
}
else {
    $response = json_encode(array('result' => 0, 'secretword' => 'Not Found'));
}
header('Content-type: application/json');

// With the Access-Control-Allow-Origin lines commented out, no origin is
// granted access, so a browser will not let a cross-origin page read the response
if (isset($_SERVER['HTTP_ORIGIN'])) {
    //header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
} else {
    //header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Credentials: true');
}
echo $response;
?>
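Commenting the headers out removes the problem by removing cross-origin access altogether. Where a service does need to be called from another origin, the fix is an explicit allow-list instead of the reflected Origin (or the wildcard) that the commented-out lines produced. The following is an added example of such a hardened server.php, written for this recipe; it is not part of DVWS or of the original code, and the allow-list entries and helper names (corsAllowedOrigin, sendCorsHeaders) are assumptions:

```php
<?php
// Added example: a hardened variant of cors/server.php. Not part of DVWS or
// the original recipe; the allow-list entries and helper names are assumptions.

// Origins allowed to read responses: exact scheme://host[:port] strings,
// compared strictly, never derived from the request itself.
$allowedOrigins = array(
    'http://localhost',
    'http://192.168.56.102',   // assumed address of the machine hosting the client page
);

// Return the Access-Control-Allow-Origin value for $origin, or null when the
// origin is not trusted.
function corsAllowedOrigin($origin, array $allowedOrigins)
{
    if (!is_string($origin) || $origin === '') {
        return null;
    }
    // Vulnerable pattern (what the commented-out line in the recipe did):
    //   header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    // Reflecting any Origin together with Allow-Credentials: true lets any
    // site the victim visits read this response with the victim's cookies.
    return in_array($origin, $allowedOrigins, true) ? $origin : null;
}

// Emit CORS headers only for a trusted origin. Returns true if they were sent.
function sendCorsHeaders($origin, array $allowedOrigins)
{
    header('Vary: Origin'); // the response differs per origin, so caches must key on it
    $allowed = corsAllowedOrigin($origin, $allowedOrigins);
    if ($allowed === null) {
        return false; // no CORS headers at all: the browser blocks the cross-origin read
    }
    header('Access-Control-Allow-Origin: ' . $allowed);
    // Credentials may only be allowed for a specific, trusted origin; browsers
    // reject Allow-Credentials: true combined with '*'.
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Allow-Methods: POST, OPTIONS');
    header('Access-Control-Allow-Headers: Content-Type, X-Requested-With');
    return true;
}

$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : null;

// Preflight: answer with the allow headers (or none) and stop.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    sendCorsHeaders($origin, $allowedOrigins);
    http_response_code(204);
    exit;
}

$dictionary = array(
    'secretword:one'   => 'Kag8lzk0nM',
    'secretword:two'   => 'U6pIy6w0yX',
    'secretword:three' => '9c0v73UWkj',
);

// Accept the search term either as a form field or as a JSON body, and make
// sure it is a string before using it as an array key.
$searchterm = null;
if (isset($_POST['searchterm'])) {
    $searchterm = $_POST['searchterm'];
} else {
    $body = json_decode(file_get_contents('php://input'), true);
    if (is_array($body) && isset($body['searchterm'])) {
        $searchterm = $body['searchterm'];
    }
}

if (is_string($searchterm) && array_key_exists($searchterm, $dictionary)) {
    $response = array('result' => 1, 'secretword' => $dictionary[$searchterm]);
} else {
    $response = array('result' => 0, 'secretword' => 'Not Found');
}

header('Content-Type: application/json');
sendCorsHeaders($origin, $allowedOrigins);
echo json_encode($response);
```

To check the behaviour from the Kali machine, send the same POST twice with curl -i, once with an Origin header that is in the list and once with an arbitrary one (for example Origin: http://attacker.example): the first response carries Access-Control-Allow-Origin echoing the trusted origin, the second carries no Access-Control-Allow-Origin at all, which is what makes the browser refuse to hand the JSON to the calling page.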