Python Snippet #04

This challenge covers the review of a snippet of code written in Python

PRO
Tier
Easy
< 1 Hr.
910

Course


The Code Review Snippet challenges present you with small pieces of vulnerable code to test your ability to identify security flaws. In this lab, we examine a Python server script where your task is to spot vulnerabilities without initial guidance. If you struggle or want to confirm your findings, a detailed video explanation is available.

In the provided Python script, we see a server handling HTTP GET requests, retrieving a 'session_id' from cookies, and using it to read a file. This script has a critical vulnerability: it does not filter the session ID, allowing an attacker to read the first line of any file accessible to the server. Additionally, there is a minor Cross-Site Scripting (XSS) vulnerability when the username is displayed without proper sanitization.

Want to learn more? Get started with PentesterLab Pro! GO PRO