This tutorial is a slight adaptation of Filippo Valsorda's presentation. The example here should not work currently, but it was a vulnerability a couple of years ago.

The problem presented here shows how to exploit a poor choice combination of information in an API hash-function.

TL;DR: given a hash that is composed of a string with an unknown prefix, an attacker can append to the string and produce a new hash that still has the unknown prefix.

MD5

MD5 hashes can't be reversed and are nearly unique (accidental collisions are extremely rare, although possible).

The Vulnerability

A signature is created from a hashed string. This string is a composed of:

[ PASSWORD ]["api_key"+ api_key ]["method" + method]

Where password is just the user password and method is the action, for example "vimeo.test.login".

This signature is hashed and added as the API signature.
Vulnerability 1: if we can see the hash, we can add code to it (extend).
Vulnerability 2: the secret is attached to the string that was hashed.
Vulnerability 3: all the other components (except the secret) is passed in the plaintext in the request.

The Exploit

If an attacker can see a request, she can extend the signature hash with any exploit. For example, she could add the method "vimeo.videos.setFavorite"
The API signature is now formed by hashing the entire new request.

HOW TO RUN THIS EXAMPLE

In one terminal run $ python server.py
Copy the values api_key cdd56f298e71493b9b1015c691e14501 api_sig fdffe59969293f23c197f321ff2f972e

to client.py and then run it.

To understand what happen, look inside client.py.