From 2b03f6e67e28224d212c8fd6dae00058d4fe2703 Mon Sep 17 00:00:00 2001 From: "alexkutsan (aider)" Date: Mon, 27 Jan 2025 11:32:50 +0400 Subject: [PATCH 01/16] feat: Add start.sh to replace 127.0.0.1:8000 with SP_HOST in Dockerfile --- vulnerablesp/Dockerfile | 43 ++++++++++++++++++++++------------------- vulnerablesp/start.sh | 12 ++++++++++++ 2 files changed, 35 insertions(+), 20 deletions(-) create mode 100644 vulnerablesp/start.sh diff --git a/vulnerablesp/Dockerfile b/vulnerablesp/Dockerfile index 953921b..848cb06 100644 --- a/vulnerablesp/Dockerfile +++ b/vulnerablesp/Dockerfile @@ -1,20 +1,23 @@ -FROM ubuntu:bionic - -RUN apt-get update -y -RUN apt-get install -y python2.7 python2.7-dev libxmlsec1 libxmlsec1-dev git python-pip python-dev build-essential nginx -RUN pip install --upgrade pip -RUN pip install -U setuptools - -COPY . /vulnerableSP -WORKDIR /vulnerableSP - -RUN pip install uwsgi -RUN pip install -r requirements.txt - -RUN python /vulnerableSP/setup.py install - -EXPOSE 8000 - -WORKDIR /vulnerableSP/yogiSP -#CMD ["python", "index.py"] -CMD ["uwsgi", "--ini", "vulnsp.ini"] +FROM ubuntu:bionic + +RUN apt-get update -y +RUN apt-get install -y python2.7 python2.7-dev libxmlsec1 libxmlsec1-dev git python-pip python-dev build-essential nginx +RUN pip install --upgrade pip +RUN pip install -U setuptools + +COPY . /vulnerableSP +WORKDIR /vulnerableSP + +RUN pip install uwsgi +RUN pip install -r requirements.txt + +RUN python /vulnerableSP/setup.py install + +EXPOSE 8000 + +WORKDIR /vulnerableSP/yogiSP +#CMD ["python", "index.py"] +COPY start.sh /vulnerableSP/start.sh +RUN chmod +x /vulnerableSP/start.sh + +CMD ["/vulnerableSP/start.sh", "uwsgi", "--ini", "vulnsp.ini"] diff --git a/vulnerablesp/start.sh b/vulnerablesp/start.sh new file mode 100644 index 0000000..cab8b4b --- /dev/null +++ b/vulnerablesp/start.sh 
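Review bot: The image still has no `USER` line, and the entrypoint added at the end of this Dockerfile hunk makes that harder to introduce later, because start.sh edits files under /vulnerableSP with `sed -i` on every start and so needs write access to the whole application tree. If the host names can be fixed at build time, or confined to one settings file, the runtime process can run unprivileged over a read-only tree. Separately, `COPY start.sh /vulnerableSP/start.sh` repeats what `COPY . /vulnerableSP` earlier in the file already copied. Every line is shown as removed and re-added, so the commit apparently also changes line endings (inferred), which buries the real change at the bottom.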
@@ -0,0 +1,12 @@ +#!/bin/bash + +# Replace 127.0.0.1:8000 with SP_HOST in source files +if [ -z "$SP_HOST" ]; then + echo "SP_HOST is not set. Exiting." + exit 1 +fi + +find /vulnerableSP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} \; + +# Start the application +exec "$@" From 9ed3b04e99f93aac48266641063c3c869b3583fd Mon Sep 17 00:00:00 2001 From: "alexkutsan (aider)" Date: Mon, 27 Jan 2025 11:33:47 +0400 Subject: [PATCH 02/16] fix: Update start.sh for recursive replacement of 127.0.0.1:8000 with SP_HOST --- vulnerablesp/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerablesp/start.sh b/vulnerablesp/start.sh index cab8b4b..677c953 100644 --- a/vulnerablesp/start.sh +++ b/vulnerablesp/start.sh @@ -6,7 +6,7 @@ if [ -z "$SP_HOST" ]; then exit 1 fi -find /vulnerableSP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} \; +find /vulnerableSP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + # Start the application exec "$@" From 47c606bf7497b9aee74268b575f932de26e3475a Mon Sep 17 00:00:00 2001 From: "alexkutsan (aider)" Date: Mon, 27 Jan 2025 11:34:29 +0400 Subject: [PATCH 03/16] fix: Add conditional check for SP_HOST in start.sh script --- vulnerablesp/start.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/vulnerablesp/start.sh b/vulnerablesp/start.sh index 677c953..c3569b4 100644 --- a/vulnerablesp/start.sh +++ b/vulnerablesp/start.sh @@ -6,7 +6,9 @@ if [ -z "$SP_HOST" ]; then exit 1 fi -find /vulnerableSP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + +if [ -n "$SP_HOST" ]; then + find /vulnerableSP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + +fi # Start the application exec "$@" From 1f23e76a6461a9efd85d3ec0ec7cd598880ac0b9 Mon Sep 17 00:00:00 2001 From: "alexkutsan (aider)" Date: Mon, 27 Jan 2025 11:35:01 +0400 Subject: [PATCH 04/16] feat: Replace 127.0.0.1 with IDP_HOST in start.sh script --- vulnerablesp/start.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
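Review bot: In the new vulnerablesp/start.sh (patch 01), `$SP_HOST` is pasted unvalidated into the sed program in `sed -i "s/127.0.0.1:8000/$SP_HOST/g"`, so a value containing `/`, `&` or a backslash changes what sed does instead of being inserted literally, and the unescaped dots in the pattern match any character. Because the files are edited in place, the substitution works only on the first start of a container: once `127.0.0.1:8000` is gone, a restart with a different SP_HOST silently keeps the old value, and the walk over every file under /vulnerableSP includes start.sh itself. Checking the value against a host[:port] character set and skipping the script, as sketched below, covers the first and last of these. The same unvalidated interpolation recurs in the start.sh hunks of patches 02–04, 06, 07 and 10–12, including the `$IDP_HOST` and `s|…|` variants.

```shell
# Accept only host[:port]; any other character would alter the sed program below.
case "$SP_HOST" in
    '' | *[!A-Za-z0-9.:-]*)
        echo "SP_HOST must be set to host[:port]. Exiting." >&2
        exit 1
        ;;
esac

# Dots escaped so only the literal placeholder matches; the script itself is skipped.
find /vulnerableSP -type f ! -name start.sh \
    -exec sed -i "s/127\.0\.0\.1:8000/$SP_HOST/g" {} \;

# … unchanged: exec "$@" …
```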
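Review bot: In patch 03 the added `if [ -n "$SP_HOST" ]; then` can never be false, because the `-z` check whose `exit 1` and `fi` appear as context directly above has already ended the script when the variable is empty. Keep one of the two behaviours, the hard failure or the optional substitution, and say which in the comment above it, for example `# SP_HOST is optional; without it the files keep 127.0.0.1:8000`.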
diff --git a/vulnerablesp/start.sh b/vulnerablesp/start.sh index c3569b4..88d9038 100644 --- a/vulnerablesp/start.sh +++ b/vulnerablesp/start.sh @@ -10,5 +10,8 @@ if [ -n "$SP_HOST" ]; then find /vulnerableSP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + fi -# Start the application +# Replace 127.0.0.1 with IDP_HOST in source files +if [ -n "$IDP_HOST" ]; then + find /vulnerableSP -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + +fi exec "$@" From d57e9ccb52d69335d03ce564bf5605816cd4f760 Mon Sep 17 00:00:00 2001 From: alexkutsan Date: Mon, 27 Jan 2025 11:35:31 +0400 Subject: [PATCH 05/16] remove redundant --- .gitignore | 1 + docker-compose.yml | 7 +++++++ vulnerablesp/start.sh | 6 +----- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index e43b0f9..cd975db 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .DS_Store +.aider* diff --git a/docker-compose.yml b/docker-compose.yml index b94d6cc..8fe2356 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,14 @@ services: build: vulnerableidp ports: - "80:80" + environment: + - SP_HOST=http://localhost:8000 + - IDP_HOST=http://localhost:80 + sp: build: vulnerablesp ports: - "8000:8000" + environment: + - SP_HOST=http://localhost:8000 + - IDP_HOST=http://localhost:80 \ No newline at end of file diff --git a/vulnerablesp/start.sh b/vulnerablesp/start.sh index 88d9038..fc0c856 100644 --- a/vulnerablesp/start.sh +++ b/vulnerablesp/start.sh @@ -1,11 +1,7 @@ #!/bin/bash -# Replace 127.0.0.1:8000 with SP_HOST in source files -if [ -z "$SP_HOST" ]; then - echo "SP_HOST is not set. Exiting." - exit 1 -fi +# Replace 127.0.0.1:8000 with SP_HOST in source files if [ -n "$SP_HOST" ]; then find /vulnerableSP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + fi From 3b56bbe4d7cf433742c5f5826a79f4cb2185fbfe Mon Sep 17 00:00:00 2001 
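Review bot: In patch 04 the second substitution matches every `127.0.0.1` that is still present, so when IDP_HOST is set and SP_HOST is not, the SP's own `127.0.0.1:8000` URLs are rewritten to the IdP host with `:8000` appended. The result therefore depends on which variables happen to be set and on the order of the two blocks; requiring both variables together would remove that dependence, and escaping the dots (`s/127\.0\.0\.1/$IDP_HOST/g`) keeps the pattern from matching other text. The hunk also drops the `# Start the application` comment above `exec "$@"` without replacing it.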
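Review bot: In patch 05 the docker-compose.yml values `SP_HOST=http://localhost:8000` and `IDP_HOST=http://localhost:80` contain `/`, which is the delimiter of the `s/…/…/g` expressions in vulnerablesp/start.sh shown in this same commit, so sed will reject the expression. Nothing in the script checks the exit status, so the service would start with the placeholders untouched. The patterns replace only the host part, so the values should be bare host[:port]: `- SP_HOST=localhost:8000` and `- IDP_HOST=localhost`.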
From: "alexkutsan (aider)" Date: Mon, 27 Jan 2025 11:37:35 +0400 Subject: [PATCH 06/16] feat: Add SP_HOST and IDP_HOST replacements in start.sh and update Dockerfile --- vulnerableidp/start.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/vulnerableidp/start.sh b/vulnerableidp/start.sh index 1201e81..23cf58b 100644 --- a/vulnerableidp/start.sh +++ b/vulnerableidp/start.sh @@ -1,4 +1,14 @@ #!/bin/bash +# Replace 127.0.0.1:8000 with SP_HOST in source files +if [ -n "$SP_HOST" ]; then + find /vulnerableIDP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + +fi + +# Replace 127.0.0.1 with IDP_HOST in source files +if [ -n "$IDP_HOST" ]; then + find /vulnerableIDP -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + +fi + a2enconf simplesamlphp -apache2ctl -D FOREGROUND +exec "$@" From 681b81a5f7759b8ccc23235e5983bb3d95aa83ce Mon Sep 17 00:00:00 2001 From: "alexkutsan (aider)" Date: Mon, 27 Jan 2025 11:41:00 +0400 Subject: [PATCH 07/16] fix: Update start.sh to use correct installation path for IdP --- vulnerableidp/start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vulnerableidp/start.sh b/vulnerableidp/start.sh index 23cf58b..03290fd 100644 --- a/vulnerableidp/start.sh +++ b/vulnerableidp/start.sh @@ -2,12 +2,12 @@ # Replace 127.0.0.1:8000 with SP_HOST in source files if [ -n "$SP_HOST" ]; then - find /vulnerableIDP -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + + find /var/simplesamlphp -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + fi # Replace 127.0.0.1 with IDP_HOST in source files if [ -n "$IDP_HOST" ]; then - find /vulnerableIDP -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + + find /var/simplesamlphp -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + fi a2enconf simplesamlphp From 426baee85a8a21a4a462b730ff634042dd21cac5 Mon Sep 17 00:00:00 2001 
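Review bot: In patch 06, replacing `apache2ctl -D FOREGROUND` with `exec "$@"` at the end of vulnerableidp/start.sh makes the script depend on being given a command, yet the commit changes no Dockerfile even though its subject says so. If the image still starts the script without arguments (the IdP Dockerfile is not visible at this point), `exec` has nothing to run, the script ends, and the container exits right after `a2enconf simplesamlphp`. A default keeps both call styles working: `[ "$#" -gt 0 ] || set -- apache2ctl -D FOREGROUND` placed before `exec "$@"`.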
From: "alexkutsan (aider)" Date: Mon, 27 Jan 2025 11:42:08 +0400 Subject: [PATCH 08/16] feat: Update Dockerfile to execute start.sh on container startup --- vulnerablesp/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vulnerablesp/Dockerfile b/vulnerablesp/Dockerfile index 848cb06..da0265f 100644 --- a/vulnerablesp/Dockerfile +++ b/vulnerablesp/Dockerfile @@ -16,7 +16,10 @@ RUN python /vulnerableSP/setup.py install EXPOSE 8000 WORKDIR /vulnerableSP/yogiSP -#CMD ["python", "index.py"] +COPY start.sh /vulnerableidp/start.sh +RUN chmod +x /vulnerableidp/start.sh + +CMD ["/vulnerableidp/start.sh", "apache2ctl", "-D", "FOREGROUND"] COPY start.sh /vulnerableSP/start.sh RUN chmod +x /vulnerableSP/start.sh From 56069e44cea2e28dac63698556958b8902cea83f Mon Sep 17 00:00:00 2001 From: "alexkutsan (aider)" Date: Mon, 27 Jan 2025 11:42:31 +0400 Subject: [PATCH 09/16] fix: Update CMD to execute start.sh with uwsgi in Dockerfile --- vulnerablesp/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vulnerablesp/Dockerfile b/vulnerablesp/Dockerfile index da0265f..cfbe5cc 100644 --- a/vulnerablesp/Dockerfile +++ b/vulnerablesp/Dockerfile @@ -19,7 +19,10 @@ WORKDIR /vulnerableSP/yogiSP COPY start.sh /vulnerableidp/start.sh RUN chmod +x /vulnerableidp/start.sh -CMD ["/vulnerableidp/start.sh", "apache2ctl", "-D", "FOREGROUND"] +COPY start.sh /vulnerablesp/start.sh +RUN chmod +x /vulnerablesp/start.sh + +CMD ["/vulnerablesp/start.sh", "uwsgi", "--ini", "vulnsp.ini"] COPY start.sh /vulnerableSP/start.sh RUN chmod +x /vulnerableSP/start.sh From 6ae6f9db4dcdfd9a88c56783577f804465b3af4b Mon Sep 17 00:00:00 2001 From: alexkutsan Date: Mon, 27 Jan 2025 11:45:52 +0400 Subject: [PATCH 10/16] adjust entrypoints --- vulnerableidp/Dockerfile | 5 ++++- vulnerableidp/start.sh | 4 +++- vulnerablesp/Dockerfile | 12 +----------- vulnerablesp/start.sh | 4 +++- 4 files changed, 11 insertions(+), 14 deletions(-) 
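Review bot: The lines added in patch 08 put the IdP entrypoint into the SP image: `COPY start.sh /vulnerableidp/start.sh` copies the SP's own start.sh to an IdP-named path, and `CMD ["/vulnerableidp/start.sh", "apache2ctl", "-D", "FOREGROUND"]` has no effect because the uwsgi `CMD` added in patch 01 follows it below the hunk, and only the last CMD in a Dockerfile applies. Patch 09 swaps that CMD for a /vulnerablesp one but keeps the /vulnerableidp copy, leaving three copies of the script and two CMD lines. Keep the single `COPY` / `RUN chmod` / `CMD` group that targets /vulnerableSP and drop the others.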
diff --git a/vulnerableidp/Dockerfile b/vulnerableidp/Dockerfile index c149e15..5735562 100644 --- a/vulnerableidp/Dockerfile +++ b/vulnerableidp/Dockerfile @@ -24,5 +24,8 @@ ADD loginuserpass.php /usr/share/simplesamlphp/modules/core/templates/ ADD welcome.png /usr/share/simplesamlphp/www/resources/ EXPOSE 80 +COPY ./start.sh /start.sh +RUN chmod +x /start.sh + # Start the web service -CMD ["apache2ctl", "-D", "FOREGROUND"] +CMD ["/bin/bash", "/start.sh"] diff --git a/vulnerableidp/start.sh b/vulnerableidp/start.sh index 03290fd..5e03459 100644 --- a/vulnerableidp/start.sh +++ b/vulnerableidp/start.sh @@ -3,12 +3,14 @@ # Replace 127.0.0.1:8000 with SP_HOST in source files if [ -n "$SP_HOST" ]; then find /var/simplesamlphp -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + + find /etc/simplesamlphp -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + fi # Replace 127.0.0.1 with IDP_HOST in source files if [ -n "$IDP_HOST" ]; then find /var/simplesamlphp -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + + find /etc/simplesamlphp -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + fi a2enconf simplesamlphp -exec "$@" +apache2ctl -D FOREGROUND \ No newline at end of file diff --git a/vulnerablesp/Dockerfile b/vulnerablesp/Dockerfile index cfbe5cc..e41c5d3 100644 --- a/vulnerablesp/Dockerfile +++ b/vulnerablesp/Dockerfile @@ -11,19 +11,9 @@ WORKDIR /vulnerableSP RUN pip install uwsgi RUN pip install -r requirements.txt -RUN python /vulnerableSP/setup.py install - EXPOSE 8000 -WORKDIR /vulnerableSP/yogiSP -COPY start.sh /vulnerableidp/start.sh -RUN chmod +x /vulnerableidp/start.sh - -COPY start.sh /vulnerablesp/start.sh -RUN chmod +x /vulnerablesp/start.sh - -CMD ["/vulnerablesp/start.sh", "uwsgi", "--ini", "vulnsp.ini"] COPY start.sh /vulnerableSP/start.sh RUN chmod +x /vulnerableSP/start.sh -CMD ["/vulnerableSP/start.sh", "uwsgi", "--ini", "vulnsp.ini"] +CMD ["/bin/bash", "/vulnerableSP/start.sh"] \ No newline at end of file 
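Review bot: In the vulnerableidp/start.sh hunk of patch 10 the last line goes back from `exec "$@"` to a plain `apache2ctl -D FOREGROUND`, so with `CMD ["/bin/bash", "/start.sh"]` bash stays PID 1 and the stop signal sent by `docker stop` is not passed on to Apache. `exec apache2ctl -D FOREGROUND` keeps the fixed command and lets it replace the shell. Since the Dockerfile hunk already runs `chmod +x /start.sh` and the script has a shebang, `CMD ["/start.sh"]` would be enough.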
diff --git a/vulnerablesp/start.sh b/vulnerablesp/start.sh index fc0c856..1d90a6f 100644 --- a/vulnerablesp/start.sh +++ b/vulnerablesp/start.sh @@ -10,4 +10,6 @@ fi if [ -n "$IDP_HOST" ]; then find /vulnerableSP -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + fi -exec "$@" + +python /vulnerableSP/setup.py install +uwsgi --ini vulnsp.ini \ No newline at end of file From 0c9e4bc71a2f1bc8dbe7eb5d46911354da0ec473 Mon Sep 17 00:00:00 2001 From: alexkutsan Date: Mon, 27 Jan 2025 15:50:13 +0400 Subject: [PATCH 11/16] fix hosts replacement --- configure_platform.py | 112 -------------------- docker-compose.yml | 8 +- vulnerableidp/saml20-sp-remote.original | 37 ------- vulnerableidp/start.sh | 14 ++- vulnerablesp/Dockerfile | 15 +-- vulnerablesp/src/onelogin/saml2/response.py | 2 +- vulnerablesp/start.sh | 8 ++ vulnerablesp/yogiSP/saml/settings.original | 31 ------ 8 files changed, 31 insertions(+), 196 deletions(-) delete mode 100644 configure_platform.py delete mode 100644 vulnerableidp/saml20-sp-remote.original delete mode 100644 vulnerablesp/yogiSP/saml/settings.original diff --git a/configure_platform.py b/configure_platform.py deleted file mode 100644 index 0688b9a..0000000 --- a/configure_platform.py +++ /dev/null 
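Review bot: `uwsgi --ini vulnsp.ini` at the end of vulnerablesp/start.sh is a relative path, while the Dockerfile hunk of this same commit removes `WORKDIR /vulnerableSP/yogiSP` and leaves /vulnerableSP as the working directory; unless vulnsp.ini also exists there, uwsgi will not find it. `python /vulnerableSP/setup.py install` has also moved from build time to every container start, and its exit status is ignored, so a failed install still leads to uwsgi being started. Suggested tail: `python /vulnerableSP/setup.py install || exit 1`, then `cd /vulnerableSP/yogiSP || exit 1` and `exec uwsgi --ini vulnsp.ini`.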
@@ -1,112 +0,0 @@ -import json -import os -import subprocess -from shutil import copyfile - - -def sp_settings(json_file, sp_ip, idp_ip): - jsonFile = open(json_file, 'r') - data = json.load(jsonFile) - jsonFile.close() - - data['sp']['entityId'] = f'http://{sp_ip}:8000/metadata/' - data['sp']['assertionConsumerService']['url'] = f'http://{sp_ip}:8000/?acs' - data['sp']['singleLogoutService']['url'] = f'http://{sp_ip}:8000/?sls' - - data['idp']['entityId'] = f'http://{idp_ip}/simplesamlphp/saml2/idp/metadata.php' - data['idp']['singleSignOnService']['url'] = f'http://{idp_ip}/simplesamlphp/saml2/idp/SSOService.php' - data['idp']['singleLogoutService']['url'] = f'http://{idp_ip}/simplesamlphp/saml2/idp/SingleLogoutService.php' - - jsonFile = open(json_file, 'w+') - jsonFile.write(json.dumps(data, indent=4)) - jsonFile.close() - - -def idp_settings(settings_file, sp_ip): - original_text = '127.0.0.1:8000' - new_text = f'{sp_ip}:8000' - - original_text_blob = open(settings_file).read() - open(settings_file, 'w').write(original_text_blob.replace(original_text, new_text)) - - -def build_docker(image_build): - # Builds and runs the docker image defined for the host. 
- - if image_build == 'idp': - build = subprocess.Popen(['docker', 'build', '-t', 'idp:1.0', 'vulnerableidp/']) - build.wait() - run = subprocess.Popen(['docker', 'run', '-it', '--rm', '--name', 'sp', '-d', '-p', '80:80', 'sp:1.0']) - run.wait() - check = subprocess.Popen(['docker', 'ps', '--filter', '--name', 'sp']) - check.wait() - print('\n All done run the IDP should be running now.') - print('To run the image manually after shutting it down use the command below:') - print(f'\t sudo docker run -it --rm --name {image_build} -d -p 80:80 {image_build}:1.0') - else: - build = subprocess.Popen(['docker', 'build', '-t', 'sp:1.0', 'vulnerablesp/']) - build.wait() - run = subprocess.Popen(['docker', 'run', '-it', '--rm', '--name', 'sp', '-d', '-p', '8000:8000', 'sp:1.0']) - run.wait() - check = subprocess.Popen(['docker', 'ps', '--filter', '--name', 'sp']) - check.wait() - print('\n All done the SP image should be running.') - print('To run the image manually after shutting it down use the command below:') - print(f'\t sudo docker run -it --rm --name {image_build} -d -p 8000:8000 {image_build}:1.0') - - -def main(): - # Reset the config files for each run to give people the ability to re-run this if they typo something - # saves them from having to re-clone repo or edit the files manually - - copyfile('vulnerablesp/yogiSP/saml/settings.original','vulnerablesp/yogiSP/saml/settings.json') - copyfile('vulnerableidp/saml20-sp-remote.original','vulnerableidp/saml20-sp-remote.php') - - host_config_option = '' - print(" Begining the configuration process. 
\n") - - print('---------------------------------------------') - print(" Please note that this script is basically doing a find in replace on specific strings that exist in the initial files cloned from the repository.\n If you've already ran this script once and specified different IPs/hostnames for the SP and IDP, there is a strong chance it will not actually update the configuration files for you.\n You should consider manually editing the configuration files or deleteing and re-cloning the repository.") - print('---------------------------------------------') - - print('\n Which server are we configuring? \n 1 - Identity Prodiver (IDP) \n 2 - Serivce Provider/Web App (SP)') - - while True: - try: - host_config_option = int(input('# ')) - if host_config_option == 1 or host_config_option == 2: - break - print('Please enter 1 or 2') - except Exception as e: - print('Must be a number') - - while True: - try: - docker_direction = input('Do you want to also create and run the Docker image for this host, Y/N? ') - if docker_direction[0].lower() == 'y' or docker_direction[0].lower() == 'n': - break - print('Must be either a Y or N') - except Exception as e: - print(f'Must be a Y or N: {e}') - - if docker_direction == 'Y': - if os.geteuid() != 0: - sys.exit('Please re-run this script with root privileges if you want to have it build the docker commands for you') - - sp_ip = input('What is the hostname/IP for the SP? ') - idp_ip = input('What is the hostname/IP for the IDP? ') - - # Configure the Identity Platform (IDP) - if host_config_option is 1: - settings_file = 'vulnerableidp/saml20-sp-remote.php' - idp_settings(settings_file, sp_ip) - build_docker('idp') - - # Configure the web application / Service Provider (SP) - elif host_config_option is 2: - json_file = 'vulnerablesp/yogiSP/saml/settings.json' - sp_settings(json_file, sp_ip, idp_ip) - build_docker('sp') - -if __name__ == "__main__": - main() 
diff --git a/docker-compose.yml b/docker-compose.yml index 8fe2356..37c7d95 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,13 +5,13 @@ services: ports: - "80:80" environment: - - SP_HOST=http://localhost:8000 - - IDP_HOST=http://localhost:80 + - SP_HOST=localhost:8000 + - IDP_HOST=localhost sp: build: vulnerablesp ports: - "8000:8000" environment: - - SP_HOST=http://localhost:8000 - - IDP_HOST=http://localhost:80 \ No newline at end of file + - SP_HOST=localhost:8000 + - IDP_HOST=localhost \ No newline at end of file diff --git a/vulnerableidp/saml20-sp-remote.original b/vulnerableidp/saml20-sp-remote.original deleted file mode 100644 index 9ed7833..0000000 --- a/vulnerableidp/saml20-sp-remote.original +++ /dev/null 
@@ -1,37 +0,0 @@ - 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp', - 'SingleLogoutService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp', -); - -/* - * This example shows an example config that works with G Suite (Google Apps) for education. - * What is important is that you have an attribute in your IdP that maps to the local part of the email address - * at G Suite. In example, if your Google account is foo.com, and you have a user that has an email john@foo.com, then you - * must set the simplesaml.nameidattribute to be the name of an attribute that for this user has the value of 'john'. - */ -$metadata['google.com'] = array( - 'AssertionConsumerService' => 'https://www.google.com/a/g.feide.no/acs', - 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', - 'simplesaml.nameidattribute' => 'uid', - 'simplesaml.attributes' => FALSE, -); - -$metadata['http://127.0.0.1:8000/metadata/'] = array ( - 'AssertionConsumerService' => 'http://127.0.0.1:8000/?acs', - 'SingleLogoutService' => 'http://127.0.0.1:8000/?sls', -); - -$metadata['http://127.0.0.1:8000/metadata'] = array ( - 'AssertionConsumerService' => 'http://127.0.0.1:8000/?acs', - 'SingleLogoutService' => 'http://127.0.0.1:8000/?sls', -); diff --git a/vulnerableidp/start.sh b/vulnerableidp/start.sh index 5e03459..43591df 100644 --- a/vulnerableidp/start.sh +++ b/vulnerableidp/start.sh 
@@ -2,15 +2,21 @@ # Replace 127.0.0.1:8000 with SP_HOST in source files if [ -n "$SP_HOST" ]; then - find /var/simplesamlphp -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + - find /etc/simplesamlphp -type f -exec sed -i "s/127.0.0.1:8000/$SP_HOST/g" {} + + echo "Replacing 127.0.0.1:8000 with $SP_HOST" + find /usr/share/simplesamlphp /etc/simplesamlphp/ -type f -exec sed -i "s|127.0.0.1:8000|$SP_HOST|g" {} + fi # Replace 127.0.0.1 with IDP_HOST in source files if [ -n "$IDP_HOST" ]; then - find /var/simplesamlphp -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + - find /etc/simplesamlphp -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + + echo "Replacing 127.0.0.1 with $IDP_HOST" + find /usr/share/simplesamlphp /etc/simplesamlphp/ -type f -exec sed -i "s|127.0.0.1|$IDP_HOST|g" {} + fi + +# # Replace all occurrences of :8000 with an empty string +# echo "Removing all occurrences of :8000" +# find /usr/share/simplesamlphp /etc/simplesamlphp/ -type f -exec sed -i "s|:8000||g" {} + + + a2enconf simplesamlphp apache2ctl -D FOREGROUND \ No newline at end of file diff --git a/vulnerablesp/Dockerfile b/vulnerablesp/Dockerfile index e41c5d3..3bf6501 100644 --- a/vulnerablesp/Dockerfile +++ b/vulnerablesp/Dockerfile @@ -4,16 +4,17 @@ RUN apt-get update -y RUN apt-get install -y python2.7 python2.7-dev libxmlsec1 libxmlsec1-dev git python-pip python-dev build-essential nginx RUN pip install --upgrade pip RUN pip install -U setuptools +RUN pip install uwsgi -COPY . /vulnerableSP +RUN mkdir /vulnerableSP WORKDIR /vulnerableSP - -RUN pip install uwsgi +COPY ./requirements.txt /vulnerableSP/requirements.txt RUN pip install -r requirements.txt -EXPOSE 8000 - -COPY start.sh /vulnerableSP/start.sh +COPY . /vulnerableSP RUN chmod +x /vulnerableSP/start.sh -CMD ["/bin/bash", "/vulnerableSP/start.sh"] \ No newline at end of file + +EXPOSE 8000 + +CMD ["/bin/bash", "/vulnerableSP/start.sh"] 
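Review bot: In the vulnerablesp/Dockerfile hunk of patch 11, `RUN mkdir /vulnerableSP` is unnecessary because the `WORKDIR /vulnerableSP` on the next line creates the directory, and `RUN chmod +x /vulnerableSP/start.sh` is not needed while the CMD runs the script through `/bin/bash`. Copying requirements.txt ahead of `COPY . /vulnerableSP` is a sensible cache split, but `COPY .` takes the whole build context, so a `.dockerignore` (none is visible in this series) is worth adding to keep `.git` and local files out of the image. `RUN pip install uwsgi` is unpinned, so the cached layer freezes whichever version was current when it was first built.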
diff --git a/vulnerablesp/src/onelogin/saml2/response.py b/vulnerablesp/src/onelogin/saml2/response.py index 4f027cc..9e9c38f 100644 --- a/vulnerablesp/src/onelogin/saml2/response.py +++ b/vulnerablesp/src/onelogin/saml2/response.py @@ -221,7 +221,7 @@ def is_valid(self, request_data, request_id=None, raise_exceptions=False): for issuer in issuers: if issuer is None or issuer != idp_entity_id: raise OneLogin_Saml2_ValidationError( - 'Invalid issuer in the Assertion/Response', + 'Invalid issuer in the Assertion/Response. Issuer: %s, IdP Entity ID: %s' % (issuer, idp_entity_id), OneLogin_Saml2_ValidationError.WRONG_ISSUER ) diff --git a/vulnerablesp/start.sh b/vulnerablesp/start.sh index 1d90a6f..a5c22cc 100644 --- a/vulnerablesp/start.sh +++ b/vulnerablesp/start.sh @@ -11,5 +11,13 @@ if [ -n "$IDP_HOST" ]; then find /vulnerableSP -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + fi + +# # Replace all occurrences of :8000 with an empty string +# echo "Removing all occurrences of :8000" +# find /vulnerableSP -type f -exec sed -i "s|:8000||g" {} + + + +cd /vulnerableSP/ python /vulnerableSP/setup.py install +cd /vulnerableSP/yogiSP uwsgi --ini vulnsp.ini \ No newline at end of file diff --git a/vulnerablesp/yogiSP/saml/settings.original b/vulnerablesp/yogiSP/saml/settings.original deleted file mode 100644 index 375126c..0000000 --- a/vulnerablesp/yogiSP/saml/settings.original +++ /dev/null 
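Review bot: The new message in response.py interpolates `issuer`, which is read from the incoming SAML message, together with the configured `idp_entity_id` into the exception text. Where that text ends up is not visible in this hunk; if it is rendered to the browser or written to logs, the issuer should be treated as untrusted input, for example formatted with `%r` and length-capped, and escaped by whatever template shows it. Echoing the expected entity ID to an unauthenticated caller also discloses configuration, so the detailed form may be better confined to debug mode. is_valid() starts and ends outside the hunk.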
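Review bot: vulnerablesp/start.sh keeps `/` as the sed delimiter in patch 11 while vulnerableidp/start.sh switches to `s|…|…|g` in the same commit, so the two scripts now react differently to the same SP_HOST or IDP_HOST value. The added `cd /vulnerableSP/` and `cd /vulnerableSP/yogiSP` are unchecked; `cd /vulnerableSP/yogiSP || exit 1` avoids starting uwsgi from the wrong directory. The commented-out `:8000` block is dead code and would be better left out of the commit.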
@@ -1,31 +0,0 @@ -{ - "strict": true, - "debug": true, - "sp": { - "entityId": "http://127.0.0.1:8000/metadata/", - "assertionConsumerService": { - "url": "http://127.0.0.1:8000/?acs", - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - }, - "singleLogoutService": { - "url": "http://127.0.0.1:8000/?sls", - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - }, - "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "x509cert": "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", - "privateKey": "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" - }, - "idp": { - "entityId": "http://127.0.0.1/simplesamlphp/saml2/idp/metadata.php", - "singleSignOnService": { - "url": "http://127.0.0.1/simplesamlphp/saml2/idp/SSOService.php", - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - }, - "singleLogoutService": { - "url": "http://127.0.0.1/simplesamlphp/saml2/idp/SingleLogoutService.php", - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - }, - "x509cert": "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" - } -} - From e46c0ef1b65a01148751d46ecb3c94c0db90af12 Mon Sep 17 00:00:00 2001 From: alexkutsan Date: Mon, 27 Jan 2025 17:17:24 +0400 Subject: [PATCH 12/16] support of https --- docker-compose.yml | 21 ++++++++++++++++++++- vulnerableidp/saml20-idp-hosted.php | 2 +- vulnerableidp/saml20-sp-remote.php | 29 ++--------------------------- vulnerableidp/start.sh | 12 +++++++----- vulnerablesp/start.sh | 11 +++++++---- 5 files changed, 37 insertions(+), 38 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 37c7d95..d39cb1d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -14,4 +14,23 @@ services: - "8000:8000" environment: - SP_HOST=localhost:8000 - - IDP_HOST=localhost \ No newline at end of file + - IDP_HOST=localhost + +# services: +# idp: +# build: vulnerableidp +# ports: +# - "80:80" +# environment: +# - SP_HOST=test.alexkutsan.xyz +# - IDP_HOST=exposed.alexkutsan.xyz +# - USE_HTTPS=1 + +# sp: +# build: vulnerablesp +# ports: +# - "8000:8000" +# environment: +# - SP_HOST=test.alexkutsan.xyz +# - IDP_HOST=exposed.alexkutsan.xyz +# - USE_HTTPS=1 diff --git a/vulnerableidp/saml20-idp-hosted.php b/vulnerableidp/saml20-idp-hosted.php index 29f950f..3887265 100644 --- a/vulnerableidp/saml20-idp-hosted.php +++ b/vulnerableidp/saml20-idp-hosted.php @@ -5,7 +5,7 @@ * See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-hosted */ -$metadata['__DYNAMIC:1__'] = array( +$metadata['http://127.0.0.1/simplesamlphp/saml2/idp/metadata.php'] = array( /* * The hostname of the server (VHOST) that will use this SAML entity. * diff --git a/vulnerableidp/saml20-sp-remote.php b/vulnerableidp/saml20-sp-remote.php index 9ed7833..21d180c 100644 --- a/vulnerableidp/saml20-sp-remote.php +++ b/vulnerableidp/saml20-sp-remote.php 
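Review bot: The hard-coded key `http://127.0.0.1/simplesamlphp/saml2/idp/metadata.php` that replaces `__DYNAMIC:1__` in saml20-idp-hosted.php is only a placeholder, and nothing in the file says so. The start.sh hunks in this series rewrite `127.0.0.1` (and the scheme when USE_HTTPS is set) at container start, presumably reaching this file too, and the SP rejects a response whose issuer differs from its configured IdP entity ID (the `issuer != idp_entity_id` check in response.py). A comment above the line would record that coupling, for example `// Placeholder entity ID: start.sh substitutes IDP_HOST/USE_HTTPS at container start; must equal idp.entityId in the SP settings.` Without IDP_HOST the IdP will advertise the loopback address as its entity ID.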
@@ -1,37 +1,12 @@ 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp', - 'SingleLogoutService' => 'https://saml2sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp', -); - -/* - * This example shows an example config that works with G Suite (Google Apps) for education. - * What is important is that you have an attribute in your IdP that maps to the local part of the email address - * at G Suite. In example, if your Google account is foo.com, and you have a user that has an email john@foo.com, then you - * must set the simplesaml.nameidattribute to be the name of an attribute that for this user has the value of 'john'. - */ -$metadata['google.com'] = array( - 'AssertionConsumerService' => 'https://www.google.com/a/g.feide.no/acs', - 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', - 'simplesaml.nameidattribute' => 'uid', - 'simplesaml.attributes' => FALSE, -); -$metadata['http://127.0.0.1:8000/metadata/'] = array ( +$metadata['http://127.0.0.1:8000/metadata'] = array ( 'AssertionConsumerService' => 'http://127.0.0.1:8000/?acs', 'SingleLogoutService' => 'http://127.0.0.1:8000/?sls', ); -$metadata['http://127.0.0.1:8000/metadata'] = array ( +$metadata['http://127.0.0.1:8000/metadata/'] = array ( 'AssertionConsumerService' => 'http://127.0.0.1:8000/?acs', 'SingleLogoutService' => 'http://127.0.0.1:8000/?sls', ); diff --git a/vulnerableidp/start.sh b/vulnerableidp/start.sh index 43591df..80fa4e3 100644 --- a/vulnerableidp/start.sh +++ b/vulnerableidp/start.sh 
@@ -12,11 +12,13 @@ if [ -n "$IDP_HOST" ]; then find /usr/share/simplesamlphp /etc/simplesamlphp/ -type f -exec sed -i "s|127.0.0.1|$IDP_HOST|g" {} + fi - -# # Replace all occurrences of :8000 with an empty string -# echo "Removing all occurrences of :8000" -# find /usr/share/simplesamlphp /etc/simplesamlphp/ -type f -exec sed -i "s|:8000||g" {} + - +if [ -n "$USE_HTTPS" ]; then + echo "Replacing http://$SP_HOST with https://$SP_HOST" + find /usr/share/simplesamlphp /etc/simplesamlphp/ -type f -exec sed -i "s|http://$SP_HOST|https://$SP_HOST|g" {} + + + echo "Replacing http://$IDP_HOST with https://$IDP_HOST" + find /usr/share/simplesamlphp /etc/simplesamlphp/ -type f -exec sed -i "s|http://$IDP_HOST|https://$IDP_HOST|g" {} + +fi a2enconf simplesamlphp apache2ctl -D FOREGROUND \ No newline at end of file diff --git a/vulnerablesp/start.sh b/vulnerablesp/start.sh index a5c22cc..70b7cc8 100644 --- a/vulnerablesp/start.sh +++ b/vulnerablesp/start.sh @@ -11,10 +11,13 @@ if [ -n "$IDP_HOST" ]; then find /vulnerableSP -type f -exec sed -i "s/127.0.0.1/$IDP_HOST/g" {} + fi - -# # Replace all occurrences of :8000 with an empty string -# echo "Removing all occurrences of :8000" -# find /vulnerableSP -type f -exec sed -i "s|:8000||g" {} + +if [ -n "$USE_HTTPS" ]; then + echo "Replacing http://$SP_HOST with https://$SP_HOST" + find /vulnerableSP -type f -exec sed -i "s|http://$SP_HOST|https://$SP_HOST|g" {} + + + echo "Replacing http://$IDP_HOST with https://$IDP_HOST" + find /vulnerableSP -type f -exec sed -i "s|http://$IDP_HOST|https://$IDP_HOST|g" {} + +fi cd /vulnerableSP/ From 9812a20c545234c765d08c17dd63c00d8fbcd2a2 Mon Sep 17 00:00:00 2001 From: alexkutsan Date: Mon, 27 Jan 2025 17:20:33 +0400 Subject: [PATCH 13/16] remove alexkutsan --- docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index d39cb1d..20ff0db 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
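Review bot: The USE_HTTPS block added to vulnerableidp/start.sh runs both substitutions even when SP_HOST or IDP_HOST is empty, in which case the pattern collapses to `s|http://|https://|g` and every `http://` string under /usr/share/simplesamlphp and /etc/simplesamlphp is rewritten, including identifiers that are not URLs to be fetched. The test `[ -n "$USE_HTTPS" ]` also treats `USE_HTTPS=0` as enabled. A stricter guard is `if [ "$USE_HTTPS" = "1" ] && [ -n "$SP_HOST" ] && [ -n "$IDP_HOST" ]; then`; the same block is added to vulnerablesp/start.sh in the next hunk. The compose file still publishes only ports 80 and 8000, so TLS presumably terminates in front of the containers.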
@@ -22,8 +22,8 @@ services: # ports: # - "80:80" # environment: -# - SP_HOST=test.alexkutsan.xyz -# - IDP_HOST=exposed.alexkutsan.xyz +# - SP_HOST=sp.domain.com +# - IDP_HOST=idp.domain.com # - USE_HTTPS=1 # sp: @@ -31,6 +31,6 @@ services: # ports: # - "8000:8000" # environment: -# - SP_HOST=test.alexkutsan.xyz -# - IDP_HOST=exposed.alexkutsan.xyz +# - SP_HOST=sp.domain.com +# - IDP_HOST=idp.domain.com # - USE_HTTPS=1 From 189e237a9b2e8429aa3f2a4792839eb99ec2a196 Mon Sep 17 00:00:00 2001 From: ilya-olchikov Date: Tue, 28 Jan 2025 10:41:05 +0400 Subject: [PATCH 14/16] feat(vulnerablesp): redirect to home page if not authorized add redirect to set up proper exploiter authentication --- vulnerablesp/yogiSP/vulnsp.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vulnerablesp/yogiSP/vulnsp.py b/vulnerablesp/yogiSP/vulnsp.py index 4ac3fba..7115710 100644 --- a/vulnerablesp/yogiSP/vulnsp.py +++ b/vulnerablesp/yogiSP/vulnsp.py @@ -119,6 +119,8 @@ def profile(): paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() + else: + return redirect('/') return render_template('profile.html', paint_logout=paint_logout, attributes=attributes) From 9443b3d447baba792c521bb880ce34e7f10a7948 Mon Sep 17 00:00:00 2001 From: ilya-olchikov Date: Tue, 28 Jan 2025 11:20:45 +0400 Subject: [PATCH 15/16] fix(vulnerablesp): add 401 if not authorized --- vulnerablesp/yogiSP/templates/401.html | 15 +++++++++++++++ vulnerablesp/yogiSP/vulnsp.py | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 vulnerablesp/yogiSP/templates/401.html diff --git a/vulnerablesp/yogiSP/templates/401.html b/vulnerablesp/yogiSP/templates/401.html new file mode 100644 index 0000000..a299af4 --- /dev/null +++ b/vulnerablesp/yogiSP/templates/401.html @@ -0,0 +1,15 @@ + + + + + + 401 Unauthorized + + + +
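Review bot: In the vulnsp.py hunk of patch 14, which `if` the new `else:` belongs to decides whether this is an access check, and the indentation is lost in this view. If it pairs with `if len(session['samlUserdata']) > 0:` and that test sits inside an outer session-key check above the hunk, a request with no `samlUserdata` in the session skips both branches and still reaches `render_template('profile.html', …)`. A guard at the top of profile() covers both cases: `if not session.get('samlUserdata'): return redirect('/')`. Patch 15 replaces the redirect with `render_template('401.html'), 401` in the same place, so the same question applies there; profile() starts above the hunk.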

401 Unauthorized

+

У вас нет доступа к этому ресурсу. Пожалуйста, авторизуйтесь.

+ Вернуться на домашнюю страницу + + + \ No newline at end of file diff --git a/vulnerablesp/yogiSP/vulnsp.py b/vulnerablesp/yogiSP/vulnsp.py index 7115710..bcd4e10 100644 --- a/vulnerablesp/yogiSP/vulnsp.py +++ b/vulnerablesp/yogiSP/vulnsp.py @@ -120,7 +120,7 @@ def profile(): if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() else: - return redirect('/') + return render_template('401.html'), 401 return render_template('profile.html', paint_logout=paint_logout, attributes=attributes) From 0c146d249477472f05194c09356cd2b4fd62eec1 Mon Sep 17 00:00:00 2001 From: ilya-olchikov Date: Tue, 28 Jan 2025 11:22:07 +0400 Subject: [PATCH 16/16] fix(vulnerablesp): change text --- vulnerablesp/yogiSP/templates/401.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/vulnerablesp/yogiSP/templates/401.html b/vulnerablesp/yogiSP/templates/401.html index a299af4..bcb3a21 100644 --- a/vulnerablesp/yogiSP/templates/401.html +++ b/vulnerablesp/yogiSP/templates/401.html @@ -8,8 +8,7 @@

401 Unauthorized

-

У вас нет доступа к этому ресурсу. Пожалуйста, авторизуйтесь.

- Вернуться на домашнюю страницу + Back to home page \ No newline at end of file