CounterHack / HolidayHack2017

SANS Holiday Hack Challenge 2017

Leaked server information on mail #16

Open vitapluvia opened 6 years ago

vitapluvia commented 6 years ago

When attempting to send various login requests to the server through Burp, I noticed some interesting tracebacks when modifying Content-Type. This looks to be a bodyparser issue primarily, but still may want to fix it.

payload:

Content-Type: application/x-www-form-urlencoded; charset=4UTF-8

result:


UnsupportedMediaTypeError: unsupported charset "4UTF-8"
     at urlencodedParser (/opt/ewa/node_modules/body-parser/lib/types/urlencoded.js:108:12)
     at Layer.handle [as handle_request] (/opt/ewa/node_modules/express/lib/router/layer.js:95:5)
     at trim_prefix (/opt/ewa/node_modules/express/lib/router/index.js:317:13)
     at /opt/ewa/node_modules/express/lib/router/index.js:284:7
     at Function.process_params (/opt/ewa/node_modules/express/lib/router/index.js:335:12)
     at next (/opt/ewa/node_modules/express/lib/router/index.js:275:10)
     at jsonParser (/opt/ewa/node_modules/body-parser/lib/types/json.js:118:7)
     at Layer.handle [as handle_request] (/opt/ewa/node_modules/express/lib/router/layer.js:95:5)
     at trim_prefix (/opt/ewa/node_modules/express/lib/router/index.js:317:13)
     at /opt/ewa/node_modules/express/lib/router/index.js:284:7

The next one was even more revealing, showing the application code:

payload:

Content-Type: application/x-www-form-urlencoded; charset=}

result:

TypeError: Cannot read property 'trim' of undefined
     at login_Checker (/opt/ewa/app.js:179:39)
     at /opt/ewa/app.js:428:13
     at Layer.handle [as handle_request] (/opt/ewa/node_modules/express/lib/router/layer.js:95:5)
     at next (/opt/ewa/node_modules/express/lib/router/route.js:137:13)
     at Route.dispatch (/opt/ewa/node_modules/express/lib/router/route.js:112:3)
     at Layer.handle [as handle_request] (/opt/ewa/node_modules/express/lib/router/layer.js:95:5)
     at /opt/ewa/node_modules/express/lib/router/index.js:281:22
     at Function.process_params (/opt/ewa/node_modules/express/lib/router/index.js:335:12)
     at next (/opt/ewa/node_modules/express/lib/router/index.js:275:10)
     at serveStatic (/opt/ewa/node_modules/serve-static/index.js:75:16)
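
An added example, not part of the original issue and not the application's code: one way to keep both tracebacks above out of HTTP responses is to validate the login fields before calling `.trim()` and to route every error through a handler that logs the stack server-side and returns only a fixed message. The field names `email` and `password`, the `/login` path and all helper names are assumptions.

```javascript
// Added example. Uses Express-style signatures but needs no packages to run.
// Field names, the /login path and helper names are assumptions.
function readLoginFields(body) {
  const src = body && typeof body === 'object' ? body : {};
  const out = {};
  for (const name of ['email', 'password']) {
    // A missing or non-string field becomes a 400, not an uncaught TypeError.
    if (typeof src[name] !== 'string' || src[name].trim() === '') {
      throw Object.assign(new Error('missing or invalid field: ' + name), { status: 400 });
    }
    out[name] = src[name].trim();
  }
  return out;
}

// Four-argument error middleware: full detail goes to the server log only;
// the client receives a fixed message per status plus a reference id.
let seq = 0;
function makeErrorHandler(log) {
  const publicText = { 400: 'Bad request', 415: 'Unsupported media type' };
  return function errorHandler(err, req, res, next) {
    const claimed = err && (err.status || err.statusCode);
    const status = publicText[claimed] ? claimed : 500;
    const ref = Date.now().toString(36) + '-' + (++seq);
    log({ ref, status, method: req.method, url: req.url, stack: err && err.stack });
    res.status(status).json({ error: publicText[status] || 'Internal server error', ref });
  };
}

// Constructed stand-in for the response object, so this runs without a server.
function mockRes() {
  return {
    statusCode: null, body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Constructed errors modelled on the two tracebacks quoted in the report.
function demo() {
  const logged = [];
  const handler = makeErrorHandler((entry) => logged.push(entry));
  const req = { method: 'POST', url: '/login' };
  const run = (err) => { const res = mockRes(); handler(err, req, res, () => {}); return res; };
  let fieldErr; try { readLoginFields({}); } catch (e) { fieldErr = e; }
  const charsetErr = Object.assign(new Error('unsupported charset "4UTF-8"'), { status: 415 });
  const typeErr = new TypeError("Cannot read property 'trim' of undefined");
  return { r1: run(charsetErr), r2: run(fieldErr), r3: run(typeErr), logged };
}
```

Express's built-in error handler also omits the stack trace from responses when `NODE_ENV` is set to `production`.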