koenbuyens / vulnerable-oauth-2.0-applications
vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
docker-compose up
ERROR: yaml.scanner.ScannerError: mapping values are not allowed here
in "./docker-compose.yml", line 33, column 70
Getting this error when running docker-compose up using docker-compose.yml
I believe Auth code grant flow is in use in the photoprint/gallery web application demo. I am sending response type=code in the request and in response, I am getting auth code. If I use this to access resources without providing client id+secret, I am able to get access to resource pictures.
Am I missing something here or is it a flaw there?
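An added example, not code from the repository or from the post above: the checks a token endpoint applies before exchanging an authorization code (RFC 6749, section 4.1.3), and a resource check that accepts only issued access tokens, never the code itself. The client name, secret, code value and URLs are constructed sample data.

```javascript
const crypto = require('crypto');

// Constructed sample data: one confidential client and one issued code.
const REDIRECT = 'http://photoprint.example/callback';
const clients = new Map([['photoprint', { secret: 'example-secret' }]]);
const codes = new Map([['code-abc', {
  clientId: 'photoprint', redirectUri: REDIRECT,
  expiresAt: Date.now() + 60000, used: false,
}]]);
const issuedTokens = new Set();

// Compare secrets via fixed-length digests so timingSafeEqual never throws.
function safeEqual(a, b) {
  const h = (v) => crypto.createHash('sha256').update(String(v)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Returns { ok: true, accessToken } or { ok: false, error } (RFC 6749 error codes).
function redeemCode(req, now = Date.now()) {
  if (req.grant_type !== 'authorization_code') {
    return { ok: false, error: 'unsupported_grant_type' };
  }
  // 1. Authenticate the client before the code is even looked up.
  const client = clients.get(req.client_id);
  if (!client || !safeEqual(client.secret, req.client_secret ?? '')) {
    return { ok: false, error: 'invalid_client' };
  }
  // 2. The code must exist, be unexpired and unused.
  const grant = codes.get(req.code);
  if (!grant || grant.expiresAt <= now || grant.used) {
    return { ok: false, error: 'invalid_grant' };
  }
  // 3. The code is bound to the client and redirect_uri it was issued for.
  if (grant.clientId !== req.client_id || grant.redirectUri !== req.redirect_uri) {
    return { ok: false, error: 'invalid_grant' };
  }
  grant.used = true; // single use: a replay fails at step 2
  const accessToken = crypto.randomBytes(32).toString('hex');
  issuedTokens.add(accessToken);
  return { ok: true, accessToken };
}

// Resource server side: only issued access tokens open the gallery.
function authorizeResource(bearer) {
  return issuedTokens.has(bearer);
}
```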
Error: Cannot find module 'express-session'
Require stack:
Node.js v18.19.0
"dependencies": {
"amdefine": "^1.0.1",
"array-set": "^0.1.2",
"connect-ensure-login": "^0.1.1",
"cookie-parser": "^1.4.3",
"errorhandler": "^1.5.0",
"express": "^4.16.3",
"express-session": "^1.15.6",
"helmet": "^3.13.0",
"jade": "^1.11.0",
"mongoose": "^5.2.14",
"morgan": "^1.9.1",
"multer": "^1.3.1",
"oauth2orize": "^1.11.0",
"passport": "^0.4.0",
"passport-http": "^0.3.0",
"passport-http-bearer": "^1.0.1",
"passport-local-mongoose": "^5.0.1",
"passport-oauth2-client-password": "^0.1.2",
"pug": "^2.0.3"
}
The package.json file in Vulnerable-OAuth-2.0-Applications/insecureapplication/gallery declares a package, array-set, as one of its dependencies. Though, the installation is aborted after the following error is thrown:
4.751 npm ERR! code E404
4.754 npm ERR! 404 Not Found - GET https://registry.npmjs.org/array-set/-/array-set-0.1.2.tgz
4.754 npm ERR! 404
4.754 npm ERR! 404 '[email protected]' is not in the npm registry.
4.755 npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
4.756 npm ERR! 404 It was specified as a dependency of 'app'
4.756 npm ERR! 404
4.756 npm ERR! 404 Note that you can also install from a
4.757 npm ERR! 404 tarball, folder, http url, or git url.
Upon searching manually, and doing an npm search array-set, it was found out that the package, with the name array-set, doesn't exist anymore which breaks the installation.
If you get the following error and MongoDb crashes:
Error parsing command line: unrecognized option '--smartfiles'
simply change the image tag on docker-compose.yml:
image: mongo:4.0
Do you know elearnsecurity which is now ine.com use this repo as a learning material???
Hi,
I have a problem with MongoDB.
Here is my result when I launch docker-compose up:
% docker-compose up
Recreating mongodb ... done
Starting insecureapplication_selenium_1 ... done
Recreating mongoseed ... done
Recreating gallery ... done
Recreating photoprint ... done
Recreating attacker ... done
Attaching to mongodb, insecureapplication_selenium_1, mongoseed, gallery, photoprint, attacker
gallery |
gallery | > [email protected] start /usr/src/app
gallery | > node app.js
gallery |
selenium_1 | 2022-10-31 18:23:42,553 INFO Included extra file "/etc/supervisor/conf.d/selenium-debug.conf" during parsing
selenium_1 | 2022-10-31 18:23:42,559 INFO Included extra file "/etc/supervisor/conf.d/selenium.conf" during parsing
selenium_1 | 2022-10-31 18:23:42,563 INFO supervisord started with pid 7
selenium_1 | 2022-10-31 18:23:43,573 INFO spawned: 'xvfb' with pid 9
selenium_1 | 2022-10-31 18:23:43,576 INFO spawned: 'fluxbox' with pid 10
selenium_1 | 2022-10-31 18:23:43,615 INFO spawned: 'vnc' with pid 11
selenium_1 | 2022-10-31 18:23:43,716 INFO spawned: 'selenium-standalone' with pid 13
selenium_1 | 2022-10-31 18:23:44,125 INFO success: xvfb entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
selenium_1 | 2022-10-31 18:23:44,125 INFO success: fluxbox entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
selenium_1 | 2022-10-31 18:23:44,125 INFO success: vnc entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
selenium_1 | 2022-10-31 18:23:44,126 INFO success: selenium-standalone entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
selenium_1 | 18:23:45.760 INFO [GridLauncherV3.parse] - Selenium server version: 3.141.59, revision: e82be7d358
selenium_1 | 18:23:46.342 INFO [GridLauncherV3.lambda$buildLaunchers$3] - Launching a standalone Selenium Server on port 4444
selenium_1 | 2022-10-31 18:23:46.578:INFO::main: Logging initialized @2624ms to org.seleniumhq.jetty9.util.log.StdErrLog
mongodb |
mongodb | WARNING: MongoDB 5.0+ requires a CPU with AVX support, and your current system does not appear to have that!
mongodb | see https://jira.mongodb.org/browse/SERVER-54407
mongodb | see also https://www.mongodb.com/community/forums/t/mongodb-5-0-cpu-intel-g4650-compatibility/116610/2
mongodb | see also https://github.com/docker-library/mongo/issues/485#issuecomment-891991814
mongodb |
mongodb exited with code 132
mongoseed |
mongoseed | WARNING: MongoDB 5.0+ requires a CPU with AVX support, and your current system does not appear to have that!
mongoseed | see https://jira.mongodb.org/browse/SERVER-54407
mongoseed | see also https://www.mongodb.com/community/forums/t/mongodb-5-0-cpu-intel-g4650-compatibility/116610/2
mongoseed | see also https://github.com/docker-library/mongo/issues/485#issuecomment-891991814
mongoseed |
photoprint |
photoprint | > [email protected] start /usr/src/app
photoprint | > node app.js
photoprint |
photoprint | Printing Application listening on http://localhost:3000
attacker |
attacker | > [email protected] start /usr/src/app
attacker | > node app.js
attacker |
selenium_1 | 18:23:47.797 INFO [WebDriverServlet.<init>] - Initialising WebDriverServlet
gallery | Gallery Application listening on :::3005
gallery | (node:17) UnhandledPromiseRejectionWarning: MongoNetworkError: failed to connect to server [mongodb:27017] on first connect [MongoNetworkError: getaddrinfo EAI_AGAIN mongodb:27017]
gallery |     at Pool.<anonymous> (/usr/src/app/node_modules/mongodb-core/lib/topologies/server.js:564:11)
gallery |     at emitOne (events.js:116:13)
gallery |     at Pool.emit (events.js:211:7)
gallery |     at Connection.<anonymous> (/usr/src/app/node_modules/mongodb-core/lib/connection/pool.js:317:12)
gallery |     at Object.onceWrapper (events.js:317:30)
gallery |     at emitTwo (events.js:126:13)
gallery |     at Connection.emit (events.js:214:7)
gallery |     at Socket.<anonymous> (/usr/src/app/node_modules/mongodb-core/lib/connection/connection.js:246:50)
gallery |     at Object.onceWrapper (events.js:315:30)
gallery |     at emitOne (events.js:116:13)
gallery |     at Socket.emit (events.js:211:7)
gallery |     at emitErrorNT (internal/streams/destroy.js:73:8)
gallery |     at _combinedTickCallback (internal/process/next_tick.js:139:11)
gallery |     at process._tickCallback (internal/process/next_tick.js:181:9)
gallery | (node:17) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
gallery | (node:17) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
selenium_1 | 18:23:48.093 INFO [SeleniumServer.boot] - Selenium Server is up and running on port 4444
attacker | Attacker Application listening on :::1337
mongoseed | 2022-10-31T18:24:12.950+0000 error connecting to host: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: mongodb:27017, Type: Unknown, Last error: connection() error occurred during connection handshake: dial tcp: lookup mongodb: Temporary failure in name resolution }, ] }
mongoseed exited with code 1
When I registered a user in gallery I got the following error: undefine value name
Solution:
Go into model, open user.js and set name:{require:false}
and go into MongoDB and remove the name field by typing the command
db.users.dropIndex("name_1")