
require 'sinatra'
require 'sinatra/contrib'

# Fixture-grade "authentication" for this CSRF audit test server.
#
# The client counts as logged in only when the +logged_in+ cookie holds the
# exact string 'true'; a missing cookie or any other value (including 'TRUE'
# or a non-String) means not logged in.
#
# Security note: this trusts a client-settable cookie with no signature or
# server-side session behind it, so anyone can "log in" by setting the cookie
# themselves. That is fine for a spec server whose job is to expose forms to
# a scanner, but a real application must never derive auth state this way.
#
# @param cookies [#[]] cookie jar indexed by symbol key (Sinatra's +cookies+
#   helper at runtime, or a plain Hash in tests)
# @return [Boolean]
def logged_in?( cookies )
    flag = cookies[:logged_in]
    'true' == flag
end

# Renders the search form shared by every route of this fixture.
#
# Returns a fresh, unfrozen String on every call: the route handlers append
# the conditional "important" forms to it in place, so this must not be
# memoised or frozen (adding a +frozen_string_literal+ pragma to this file
# would break those callers).
#
# @return [String] HTML fragment for the +search+ form, indentation preserved,
#   terminated by a single newline
def common
    [
        "        <form name='search' action='?'>",
        "            <input name='q' />",
        "        </form>",
        ''
    ].join( "\n" )
end

# GET / — baseline CSRF fixture page.
#
# Always serves the shared search form. When the request carries the fixture
# login cookie (see +logged_in?+) two more forms are appended:
#   * +insecure_important_form+ — no anti-CSRF field at all;
#   * +secure_important_form+   — carries a hidden +my_kewl_token+ input.
# Judging by the names, the scanner under test is presumably expected to flag
# the first and accept the second; that expectation lives in the spec, not here.
#
# Security note: the token value is a constant (it is the SHA-1 of the empty
# string), identical for every session and request. A real anti-CSRF token must
# be unpredictable and bound to the session; this one is only a token-shaped
# stand-in for the scanner to recognise.
get '/' do
    important_forms = <<-HTML
        <form name='insecure_important_form' action='?'>
            <input name='hooa!' value='important stuff' />
        </form>

        <form name='secure_important_form' action='?'>
            <input name='booya!' value='other important stuff' />
            <input type='hidden' name='my_kewl_token' value='da39a3ee5e6b4b0d3255bfef95601890afd80709' />
        </form>
    HTML

    page = common
    page.concat( important_forms ) if logged_in?( cookies )
    page
end

# GET /token_in_name — token carried in an input's *name* rather than its value.
#
# Same shape as GET /: the shared search form, plus — for a logged-in client —
# an unprotected +insecure_important_form+ and a +secure_important_form+ whose
# hidden input has the 40-hex token as its +name+ and no +value+ attribute.
# This presumably exercises a scanner's ability to spot token-like field names,
# not just token-like values (inferred from the route name).
#
# Security note: as on GET /, the token is the constant SHA-1 of "" and offers
# no real CSRF protection; it is fixture data only.
get '/token_in_name' do
    important_forms = <<-HTML
        <form name='insecure_important_form' action='?'>
            <input name='hooa!' value='important stuff' />
        </form>

        <form name='secure_important_form' action='?'>
            <input name='booya!' value='other important stuff' />
            <input type='hidden' name='da39a3ee5e6b4b0d3255bfef95601890afd80709' />
        </form>

    HTML

    page = common
    page.concat( important_forms ) if logged_in?( cookies )
    page
end

# GET /token_in_action — token carried in the form's +action+ query string.
#
# For a logged-in client, alongside the unprotected +insecure_important_form+,
# three "secure" forms place the 40-hex token in the action URL in each
# position a scanner might have to look:
#   * +secure_important_form+  — bare:        action='?<token>'
#   * +secure_important_form2+ — as a name:   action='?<token>=test'
#   * +secure_important_form3+ — as a value:  action='?test=<token>'
# None of the three carries a hidden token input. Which of these the scanner
# should accept is defined by the spec that drives this server, not here.
#
# Security note: a token in a GET/query-string action ends up in server logs,
# proxies and Referer headers; combined with the value being the constant
# SHA-1 of "", this is deliberately fixture-grade and not a pattern to copy.
get '/token_in_action' do
    important_forms = <<-HTML
        <form name='insecure_important_form' action='?'>
            <input name='hooa!' value='important stuff' />
        </form>

        <form name='secure_important_form' action='?da39a3ee5e6b4b0d3255bfef95601890afd80709'>
            <input name='booya!' value='other important stuff' />
        </form>

        <form name='secure_important_form2' action='?da39a3ee5e6b4b0d3255bfef95601890afd80709=test'>
            <input name='booya!' value='other important stuff' />
        </form>

        <form name='secure_important_form3' action='?test=da39a3ee5e6b4b0d3255bfef95601890afd80709'>
            <input name='booya!' value='other important stuff' />
        </form>

    HTML

    page = common
    page.concat( important_forms ) if logged_in?( cookies )
    page
end
