User profile not found. Access is limited.

Secure Code Review

Secure code review is the process of analyzing source code to identify security vulnerabilities, coding errors, and potential threats. It helps ensure software security by detecting issues like SQL injection, cross-site scripting (XSS), and insecure authentication. Conducted manually or using automated tools, secure code reviews improve code quality, reduce risks, and enhance overall application security before deployment.

Task 1 Investigate this case

Scenario:
As a security consultant, you've been hired to perform a code review for DarkNet Bank, a high-risk financial institution. The bank has requested an in-depth audit to identify security vulnerabilities before they are exploited by hackers.

Your task is to analyze the provided code snippets and determine what vulnerabilities exist in the system. Each issue represents a real-world web security flaw that could compromise user data, financial transactions, or admin control.

Answer The Questions

Challenge 1: Hidden Request Attack

What to Look For: The backend does not properly validate HTTP request structures, allowing HTTP request smuggling.

Vulnerable Code:
@app.route('/transfer', methods=['POST'])
def transfer():
    length = int(request.headers.get("Content-Length", 0))
    if length > 0:
        body = request.get_data(length)
        process_request(body)
    return "Transfer Complete"

Challenge 2: Session Hijack

What to Look For: The system uses insecure deserialization to handle user sessions, making it vulnerable to object injection.

Vulnerable Code:
$session = unserialize($_COOKIE['session']);
echo "Welcome, " . $session['user'];
?>

Challenge 3: Encrypted Data Leak

What to Look For: The padding oracle attack exploits encryption errors to decrypt sensitive information.

Vulnerable Code:
def decrypt(data, key):
try:
cipher = AES.new(key, AES.MODE_CBC)
return unpad(cipher.decrypt(data), AES.block_size)
except ValueError:
return "Padding Error"

Challenge 4: Admin Panel Exploit

What to Look For: A DNS rebinding attack can allow attackers to bypass internal network restrictions and access admin functionalities.

Vulnerable Code:
fetch('http://admin.darknetbank.com')
.then(response => response.text())
.then(data => console.log(data));

Challenge 5: API Overload

What to Look For: The system does not limit repeated requests, making it susceptible to HTTP/2 DoS attacks.

Vulnerable Code:
@app.route('/api', methods=['POST'])
def api():
data = request.get_json()
process_request(data)
return "Success"

Challenge 6: Malicious Caching

What to Look For: The caching system can be manipulated to store malicious user inputs.

Vulnerable Code:
header("Cache-Control: public, max-age=3600");
if(isset($_GET['page'])) {
echo file_get_contents($_GET['page']);
}
?>

Challenge 7: Email Spoofing

What to Look For: The application trusts user-supplied Host headers, allowing host header injection.

Vulnerable Code:
@app.route('/reset-password', methods=['POST'])
def reset_password():
host = request.headers.get("Host")
send_email("Reset your password at " + host + "/reset-link")

Challenge 8: Bank Heist

What to Look For: The race condition vulnerability allows an attacker to withdraw money multiple times before the balance updates.

Vulnerable Code:
@app.route('/transfer', methods=['POST'])
def transfer():
balance = get_balance()
if balance > 0:
update_balance(balance - 100)
return "Transaction Successful"

Challenge 9: Code Injection

What to Look For: The system processes user input in a template engine, making it vulnerable to server-side template injection (SSTI).

Vulnerable Code:
@app.route('/render', methods=['POST'])
def render():
template = request.form['template']
return render_template_string(template)

Challenge 10: Token Forgery

What to Look For: The JWT authentication system accepts weak or unsigned tokens, allowing JWT None algorithm bypass.

Vulnerable Code:
def verify_jwt(token):
return jwt.decode(token, verify=False)

Final Challenge:

http://3.110.32.142/

Can You Find the hidden Flag On the WebSite ?