{"id":20257030,"url":"https://github.com/igorpolyakov/yetanotherbookcollection","last_synced_at":"2025-06-28T00:02:35.310Z","repository":{"id":89619068,"uuid":"102283871","full_name":"IgorPolyakov/YetAnotherBookCollection","owner":"IgorPolyakov","description":"YetAnotherBookCollection","archived":false,"fork":false,"pushed_at":"2017-09-30T12:17:08.000Z","size":523,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-10T18:55:05.474Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IgorPolyakov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-03T18:02:29.000Z","updated_at":"2017-10-02T05:51:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"2ba0b7e2-912d-4082-bb8b-771785f091d8","html_url":"https://github.com/IgorPolyakov/YetAnotherBookCollection","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/IgorPolyakov/YetAnotherBookCollection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IgorPolyakov%2FYetAnotherBookCollection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IgorPolyakov%2FYetAnotherBookCollection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IgorPolyakov%2FYetAnotherBookCollection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IgorPolyakov%2FYetAnotherBookCollection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IgorPolyakov","download_url":"https://codeload.github.com/IgorPolyakov/YetAnotherBookCollection/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IgorPolyakov%2FYetAnotherBookCollection/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262352373,"owners_count":23297675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T10:49:10.597Z","updated_at":"2025-06-28T00:02:35.255Z","avatar_url":"https://github.com/IgorPolyakov.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"YetAnotherBookCollection\n=======\n\nAuthor: Polyakov Igor\n\nSibirCTF 2017 `YetAnotherBookCollection` service\n\nInstallation\n------------\n\nRequired: postgresql, ruby, bundler, rails\n\nInstall dependencies:\n```\napt-get update\napt-get install ruby ruby-dev\ngem install bundler\n```\n\nRun\n------------\n```\nRAILS_ENV=production bundle exec rake db:create db:schema:load db:seed DISABLE_DATABASE_ENVIRONMENT_CHECK=1\nRAILS_ENV=production bundle exec rake assets:precompile\nRAILS_ENV=production bundle exec rails server\n```\n[Exploitation]:\n------------\n\n- [x] A4 – Broken access control\n\n- [x] A1 – Code injection\n\n- [x] A* – [Mass Assignment]\n\nToDo:\n------------\n- [ ] Bugs\n  - [x] DOS - to_sym. A Symbol is a special data type in Ruby that is essentially a constant, and symbols themselves are never removed by the garbage collector. Consequently, memory can be filled up with user input.\n\n- [x] Docker\n\n- [x] Juri\n\nDependency:\n------------\n- Rails\n\n- ImageMagick\n\n- PostgreSQL\n\n[Exploitation]: https://habrahabr.ru/company/pentestit/blog/326272/\n[Mass Assignment]: https://xakep.ru/2013/12/03/ruby-on-rails-safe-problem/#toc06.\n\n\nChecker\n=======\n\nchecker.py\n\nURL\n---\n\nhttp://host:9999\n\nChecker input params\n--------------------\n\n```\n$1 = CMD\n$2 = HOST\n$3 = ID\n$4 = FLAG\n```\n\nExample checker call\n--------------------\n\n```\n#!/bin/bash\n\necho \"TEST CHECK\"\n./checker.py check 127.0.0.1\necho \"TEST PUT\"\n./checker.py put 127.0.0.1 user_name e23dewf43r3q4r8efd4\necho \"TEST GET\"\n./checker.py get 127.0.0.1 user_name e23dewf43r3q4r8efd4\n```\n\nExit codes\n----------\n```\n110 - ERROR\n104 - DOWN\n103 - MUMBLE\n102 - CORRUPT\n101 - SUCCESS\n```\n\nLicense\n-------\n\nMIT License\n\nCopyright (c) 2017 Igor Polyakov\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Figorpolyakov%2Fyetanotherbookcollection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Figorpolyakov%2Fyetanotherbookcollection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Figorpolyakov%2Fyetanotherbookcollection/lists"}