Code Review 01

This exercise is one of our challenges to help you learn how to review real source code.

Tier: PRO | Difficulty: Medium | Estimated time: 1-2 Hrs.

In this challenge, you are tasked with reviewing the source code of a file-system session store for Express: the session-file-store module, written in JavaScript. This module lets session data be persisted to files rather than kept in memory, so sessions survive process restarts. The main objective is to identify a weakness where user-controlled data is used without proper filtering or escaping, potentially leading to a vulnerability.

Express uses the express-session package to handle sessions; it supports various storage backends, including the file system. To exploit the identified bug, the challenge specifically requires you to brute force the key used to cryptographically sign the session. To complete the challenge, you submit the name of the file and the line number where the weakness is found. Working through the source will give you practice in spotting and understanding code vulnerabilities inside larger frameworks.
