Added Ruby use case

dub-flow 2024-05-16 15:03:45 +02:00
parent 52d0eb21d2
commit 57158826f2
6 changed files with 94 additions and 2 deletions


@ -34,7 +34,9 @@ This repository contains different scenarios for bypassing 403s leverage path no
- `GET /admin;` also works here - `GET /admin;` also works here
- Moreover, `GET /admin\x09` (fancy hex character again!) works - Moreover, `GET /admin\x09` (fancy hex character again!) works
### Golang (Gin) - No Known Ways :| ### Golang (Gin) - No Known Ways (AFAIK) :|
* I couldn't find any research about this online * I couldn't find any research about this online
* Also, I wasn't able to find any ways to bypass this myself * Also, I wasn't able to find any ways to bypass this myself
### Ruby (Sinatra) - No Known Ways (AFAIK) :|

21
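--- a/ruby-sinatra/Dockerfile
+++ b/ruby-sinatra/Dockerfile
@@ -0,0 +1,21 @@
+FROM ruby:3.1-alpine
+# Install build tools and libraries needed to build native extensions
+RUN apk add --no-cache build-base
+# Set the working directory in the container
+WORKDIR /usr/src/app
+# Copy the Gemfile and Gemfile.lock into the working directory
+COPY Gemfile Gemfile.lock ./
+# Install the gems defined in the Gemfile
+RUN bundle install
+# Copy the current directory contents into the container
+COPY . .
+EXPOSE 5000
+# Run app.rb when the container launches
+CMD ["ruby", "app.rb"]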
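Review bot: The image never drops privileges: there is no `USER` instruction before `CMD ["ruby", "app.rb"]`, so the Sinatra process runs as root inside the container. Port 5000 needs no privileges, so adding `RUN adduser -D app` and `USER app` just above the `CMD` line would be enough. `build-base` also stays in the final image after `bundle install`; a multi-stage build would keep the compiler toolchain out of the running container.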

3
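--- a/ruby-sinatra/Gemfile
+++ b/ruby-sinatra/Gemfile
@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gem 'sinatra'
+gem 'puma'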
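Review bot: `gem 'puma'` is declared here, but the Gemfile.lock added in the same commit lists only `sinatra` under DEPENDENCIES and has no puma entry in its specs, so the lockfile is stale. With the Dockerfile's plain `RUN bundle install`, Bundler will resolve puma at image build time and take whatever version is current then, which leaves that gem unpinned and the lab image non-reproducible. Regenerate the lock with `bundle lock` and commit it. Setting `ENV BUNDLE_FROZEN=true` before `RUN bundle install` in the Dockerfile would make any future Gemfile/lock mismatch fail the build instead of being resolved silently.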

26
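--- a/ruby-sinatra/Gemfile.lock
+++ b/ruby-sinatra/Gemfile.lock
@@ -0,0 +1,26 @@
+GEM
+remote: https://rubygems.org/
+specs:
+base64 (0.2.0)
+mustermann (3.0.0)
+ruby2_keywords (~> 0.0.1)
+rack (2.2.9)
+rack-protection (3.2.0)
+base64 (>= 0.1.0)
+rack (~> 2.2, >= 2.2.4)
+ruby2_keywords (0.0.5)
+sinatra (3.2.0)
+mustermann (~> 3.0)
+rack (~> 2.2, >= 2.2.4)
+rack-protection (= 3.2.0)
+tilt (~> 2.0)
+tilt (2.3.0)
+PLATFORMS
+ruby
+DEPENDENCIES
+sinatra
+BUNDLED WITH
+1.17.2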

14
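--- a/ruby-sinatra/app.rb
+++ b/ruby-sinatra/app.rb
@@ -0,0 +1,14 @@
+require 'sinatra'
+set :port, 5000
+set :bind, '0.0.0.0'
+# Root route - Hello World
+get '/' do
+'Hello World from Ruby!'
+end
+# Admin route
+get '/admin' do
+'Ruby Admin area'
+end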
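Review bot: The `get '/admin'` handler has no access check of its own, and its only comment is `# Admin route`, so a reader cannot tell whether that is deliberate. Presumably the restriction is meant to come from the nginx service in front of the app, whose config is not part of this commit. Saying so at the route would help, for example `# Intentionally unauthenticated: access is expected to be restricted by the reverse proxy (lab target only)`. A similar one-line comment on `set :bind, '0.0.0.0'`, noting that it is needed for the container port mapping, would explain why the app listens on all interfaces.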


@ -0,0 +1,26 @@
version: '3.8'
services:
app:
build: .
container_name: ruby-sinatra
ports:
- "5000:5000"
networks:
- app-network
nginx:
image: nginx
container_name: nginx_ruby
ports:
- "80:80"
volumes:
- ../nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- app
networks:
- app-network
networks:
app-network:
driver: bridge
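Review bot: The `app` service publishes `"5000:5000"` on every host interface, so the Sinatra app, including `/admin`, is reachable directly without passing through the `nginx` service. Any restriction that `../nginx.conf` applies (not shown in this commit) is skipped on that path. If direct access is only wanted for local comparison, bind it to loopback with `- "127.0.0.1:5000:5000"`; otherwise drop the mapping, since nginx reaches the app over `app-network`. `image: nginx` is also untagged, so the proxy behaviour this lab measures can change between pulls. Pinning a tag or digest keeps results repeatable.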