I think the vulnerability may be ==, but I don't know how to solve it. Please help me.
users[username] --> users.username!
In JavaScript, if an expression contains a string, all elements in the expression are treated as strings.
For example, "3"+3 results in "33", since the number 3 is changed into "3".
This also holds for objects. If you write a comparison like (Object)==(String), the object is converted into a string, implicitly using its toString() function. Pay attention that == is loose equality in JavaScript.
const users = {
admin: genRanHex(16), // genRanHex comes from the challenge source (not shown here)
};
console.log(users.toString()); // prints '[object Object]'
console.log(users=='[object Object]'); // prints true, since the object users is converted into a string
Now, with the example above in mind, look at loginRequired:
const loginRequired = basicAuth({
authorizer: (username, password) => { // <- This is the key - arbitrary input in username!
return users[username] == password;
},
unauthorizedResponse: "Unauthorized",
});
JavaScript supports computed member access, where you can access the members of an object using a string key.
console.log(users.admin); // a string: admin's password
console.log(users['admin']); // also a string: admin's password. This is called computed member access.
console.log(users['zxmck']); // undefined, if a member doesn't exist
Now this is the final problem: what members does the object 'users' have?
Hint: all JavaScript objects have a special attribute, which JavaScript gives them by default. Find the name of this attribute.