Closed ProZachJ closed 9 years ago
Your line numbers are messed up here since master has changed. Can you update, @ProZachJ?
These need a check to see if the domain sent is in req.session.user.sites
https://github.com/DarkShield/daDashboard/blob/master/app/routes/router.js#L73
https://github.com/DarkShield/daDashboard/blob/master/app/routes/router.js#L81
https://github.com/DarkShield/daDashboard/blob/master/app/routes/router.js#L89
https://github.com/DarkShield/daDashboard/blob/master/app/routes/router.js#L116
toggleAttack is going to take an extra step of looking up the request _id in the db and returning the hostname. Then checking that hostname against the session.
Several of our routes need additional validation to check that the domain provided by the client is one that the user owns.
Vulnerable Routes
Route that did it correctly: https://github.com/DarkShield/daDashboard/blob/master/app/routes/router.js#L125
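The ownership check described in this issue (domain must be in req.session.user.sites, and for toggleAttack the hostname is first looked up by _id), written as an added example in the shape of Express middleware. This is not daDashboard's code; the session layout comes from the issue, while the field names (`domain`, `_id`), the injected `findRequestById` lookup and the `fakeRes` stand-in are assumptions so it runs without a server.

```javascript
// Added example, not code from the daDashboard repo. Only the session layout
// (req.session.user.sites) is taken from the issue; everything else is assumed.

// True only if the logged-in user's site list contains this hostname.
// Compared case-insensitively; anything missing or malformed is denied.
function ownsSite(session, hostname) {
  const sites = session && session.user && session.user.sites;
  if (!Array.isArray(sites) || typeof hostname !== 'string') return false;
  const wanted = hostname.trim().toLowerCase();
  return sites.some((s) => typeof s === 'string' && s.toLowerCase() === wanted);
}

// Middleware for routes where the client sends the domain directly:
// reject with 403 unless req.body[field] is one of the user's own sites.
function requireOwnedDomain(field) {
  return function (req, res, next) {
    const domain = req.body && req.body[field];
    if (!ownsSite(req.session, domain)) {
      return res.status(403).json({ error: 'domain not owned by user' });
    }
    return next();
  };
}

// toggleAttack variant: the client sends only a record _id, so the hostname
// is looked up first (findRequestById: id -> Promise<{hostname}|null>, an
// assumed injected lookup) and then checked against the session.
function requireOwnedRequest(findRequestById) {
  return async function (req, res, next) {
    const record = await findRequestById(req.body && req.body._id);
    if (!record || !ownsSite(req.session, record.hostname)) {
      return res.status(403).json({ error: 'request not owned by user' });
    }
    req.ownedHostname = record.hostname; // handler can trust this value
    return next();
  };
}

// Minimal stand-in for an Express response so the example runs offline.
function fakeRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}
```

The same `ownsSite` check is what the linked router.js#L125 route performs inline; the middleware form lets it be reused on the four routes listed above.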