vulnerable-code-snippets/inconsistent-values/app.vuln.rb at master · Acceis/vulnerable-code-snippets · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
require 'roda'
require 'uri'
require 'net/http'

class App < Roda
  route do |r|
    r.get 'local' do
      addr = r.get_header('HTTP_X_FORWARDED_FOR') ? r.get_header('HTTP_X_FORWARDED_FOR') : r.get_header('REMOTE_ADDR')
      addr = "http://#{addr}" # add protocol
      if URI.parse(addr).host == '127.0.0.1' # authorize admin access from local host only
        safe_addr = URI.parse(URI::Parser.new.escape(addr))
        safe_addr.path = '/login'
        data = {user: 'admin', pass: 'AJMMbzLckY37'}
        begin
          Net::HTTP.post_form(safe_addr, data)
        rescue Errno::ECONNREFUSED => e
          puts e.message
        ensure
          response.status = 200
          response.write 'Service proceeded'
        end
      else
        response.status = 403
        response.write "Not authorized from your address: #{addr}"
      end
    end
  end
end