Python Snippet #02

This challenge covers the review of a snippet of code written in Python

PRO
Tier
Easy
< 1 Hr.
1096

Course


The Code Review Snippet challenges are designed to help you identify vulnerabilities in small snippets of code. In this particular challenge, you're provided with a Python script that fetches a URL. The script attempts to ensure the URL starts with "https://pentesterlab.com" but fails to validate the complete hostname, making it vulnerable.

The issue lies in line 10, where the script checks if the URL starts with "https://pentesterlab.com" but does not verify the entire hostname. This allows attackers to bypass the filter by using URLs like "https://pentesterlab.com.example.org." This oversight could lead to unintended data being fetched from malicious domains, highlighting the importance of thorough input validation.

Want to learn more? Get started with PentesterLab Pro! GO PRO