diff options
author | Azul <azul@leap.se> | 2013-08-07 17:45:03 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2013-08-07 17:46:08 +0200 |
commit | 8e2bff3fb077410fd7facc41e4a460b402e08045 (patch) | |
tree | b73637ad3784d4d09ff03c29c8e1853ca74b1305 /users/test/integration | |
parent | 21f39bf368ea1e0deb70eb918f0947fb6fbd900d (diff) |
integration test exploiting srp vulnerability
Diffstat (limited to 'users/test/integration')
-rw-r--r-- | users/test/integration/browser/account_test.rb | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb index ce63baf..b5776ff 100644 --- a/users/test/integration/browser/account_test.rb +++ b/users/test/integration/browser/account_test.rb @@ -20,4 +20,23 @@ class AccountTest < BrowserIntegrationTest assert_equal '/', current_path end + # trying to seed an invalid A for srp login + test "detects attempt to circumvent SRP" do + user = FactoryGirl.create :user + visit '/sessions/new' + fill_in 'Username', with: user.login + fill_in 'Password', with: "password" + inject_malicious_js + click_on 'Log In' + assert !page.has_content?("Welcome") + end + + def inject_malicious_js + page.execute_script <<-EOJS + var calc = new srp.Calculate(); + calc.A = function(_a) {return "00";}; + calc.S = calc.A; + srp.session = new srp.Session(null, calc); + EOJS + end end |