A very insecure blog app that is designed to be attacked.
To start, don't look at the code. Try to figure out as much as you can before looking at the code.
rake db:create
rake db:migrate
rake db:seed
- Brute force account access. The app was written with very bad password validation. Try to write a script that will brute force the password. HINT: Even though there is no link to all of the restful routes for a user, they are still accessible from the URL. It may help you get the information you need.
- Password: Something about the password create is not to secure.
- Simple escalation of privileges: Certain features of the app are not restricted properly. Find out which features those are and prove that is exploitable.
- Escalation of privileges++: It is possible in the app to have admin power through signup. Figure out how.
- Session Hijacking: There are many insecurities about the session. Try decrypting the session. What do you see? What else about the session is not secure?
- CSRF: Prove that the site can be hacked with CSRF.
- SQL Injection: Find a sql injection attack in the site