
Insecure functionality - File Creation

Description

For an authenticated user with a profile that restricts certain functions, the restriction is enforced only on the front end by disabling the corresponding button. This control can be bypassed: if the request is sent directly to the server, it is processed.

Impact

Access customer information on a massive scale.

Recommendation

Verify on the server side that the user making the request has sufficient permissions.

Threat

Authenticated user from the Internet.

Expected Remediation Time

⌚ 30 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: H
  • Integrity: N
  • Availability: N

Temporal

  • Exploit code maturity: X
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
  • Score:
    • Base: 6.5
    • Temporal: 6.5
  • Severity:
    • Base: Medium
    • Temporal: Medium

Code Examples

Compliant code

Always perform both front-end and server-side validation of a user's credentials and permissions.

const createFile = (req, res) => {
  if (isValidUser(req.body.user)) {
    // The role is read from the server-side session populated by the
    // authentication middleware (req.user), never from the request body,
    // so the client cannot tamper with it
    if (req.user.role !== "ADMIN") {
      // Code to handle unauthorized users trying to create files
      return res.status(403).send("Forbidden");
    }
    const filePath = req.body.filePath;
    if (!db.has(filePath)) {
      db.createFile(filePath);
    }
  }
};

Non compliant code

The server side of the application does not validate user permissions before creating a file.

const createFile = (req, res) => {
  if (isValidUser(req.body.user)) {
    const filePath = req.body.filePath;
    // No permission check: any authenticated user can create the file,
    // regardless of the restrictions shown in the front end
    if (!db.has(filePath)) {
      db.createFile(filePath);
    }
  }
};

Requirements
