new page public state altering operation

public/index.php

@@ -114,6 +114,8 @@
 require __DIR__ . '/../src/app/vulnerabilities/source-disclosure.php';
 require __DIR__ . '/../src/app/vulnerabilities/info-disclosure.php';
 require __DIR__ . '/../src/app/vulnerabilities/mass-assignment.php';
+require __DIR__ . '/../src/app/vulnerabilities/publicEndpoint.php';
+require __DIR__ . '/../src/app/vulnerabilities/basicresponsemanipulation.php';
 
 
 // False positives section

src/app/login/hypejablogin.php

@@ -137,10 +137,23 @@ function (Request $request, Response $response) {
     }
 
     $key = 'my_secret_astra_key';
+    $tokenData = [
+        "user_id" => 123,
+        "username" => "exampleuser",
+        "scope" => "limited"
+    ];
+
+    $actualToken = [
+        "user_id" => 123,
+        "username" => "exampleuser",
+        "panCard" => "AKYSG1973G"
+    ];
+
+    $bodytoken = JWT::encode($tokenData, $key, 'HS256');
 
     try {
         $decoded = JWT::decode($token, new Key($key, 'HS256'));
-        $response->getBody()->write('<p>Access Granted. Decoded Data: ' . json_encode($decoded) . '</p>');
+        $response->getBody()->write('<h3>'.$bodytoken.'</h3><p>Access Granted. Decoded Data: ' . json_encode($actualToken) . '</p>');
         return $response->withHeader("content-type", "text/html")
             ->withStatus(200);
     } catch (Exception $e) {

src/app/vulnerabilities/basicresponsemanipulation.php

@@ -0,0 +1,18 @@
+<?php
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Factory\AppFactory;
+
+$app->get(
+    '/response',
+    function (Request $request, Response $response) {
+        $data = [
+            'success' => true,
+        ];
+        $dataJson = json_encode($data, JSON_PRETTY_PRINT);
+        $response->getBody()->write($dataJson);
+        return $response->withHeader("content-type", "application/json")
+                        ->withStatus(200);
+    }
+);

src/app/vulnerabilities/publicEndpoint.php

@@ -0,0 +1,29 @@
+<?php
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Factory\AppFactory;
+
+$app->get('/public-endpoint', function (Request $request, Response $response) {
+    $data = [
+        "hello" => "world"
+    ];
+    $json_data = json_encode($data, JSON_PRETTY_PRINT);
+    $response->getBody()->write($json_data);
+    return $response->withHeader("content-type", "application/json")
+                    ->withStatus(200);
+});
+
+$app->post('/public-endpoint', function (Request $request, Response $response) {
+    $response->getBody()->write('
+        hello public');
+    return $response->withHeader("content-type", "text/html")
+                    ->withStatus(200);
+});
+
+$app->options('/public-endpoint', function (Request $request, Response $response) {
+    $response->getBody()->write('');
+    return $response->withHeader("content-type", "text/html")
+                    ->withHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+                    ->withStatus(200);
+});