A simple example of this is when a parameter is appended to the end of a URL.
For example, imagine a system that uses a parameter "auth" to signify
whether a user has been authenticated: it prompts for the login procedure
if auth=0, and switches it to auth=1 once a successful login has taken
place. As long as auth=1, the user remains authenticated and able to
access restricted pages. Trying to get to a restricted page, a user's browser might submit:

http://www.mycorporatewebapp.com/remotemanagement.asp?auth=0

Bypassing this authentication might then be as simple as changing auth=0 to auth=1, because the server trusts a value that the client controls.
The question that hackers ask is whether there are alternative URLs,
which are not on the "restricted list", that point to the same
restricted pages. For example, imagine a restricted Web page:

http://mycorporatedevice/admin/configuration/

What if a hacker were to append an extra "/" at the end of this URL:

http://mycorporatedevice/admin/configuration//

or add some other character like "?" or "%" or "~"? In some cases these
URLs are effectively equivalent, even though they look different. If
the authentication mechanism only checks for the original URL but not
the variations, then it can easily be bypassed. The fix is to decide authentication from server-side session state rather than from the URL, and to canonicalise the requested path before comparing it against the restricted list.
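The two checks described above, as an added example that is not part of the original post: the exact-match check on the raw request target beside a check that canonicalises the path first and takes the "logged in" decision from a server-side session rather than an `auth` parameter. The restricted prefix, the sample paths and the session dictionary are constructed for this example.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed denylist covering the post's /admin/configuration/ page.
RESTRICTED_PREFIXES = ("/admin/",)


def naive_is_restricted(request_target: str) -> bool:
    """The weak check from the post: a literal comparison of the raw request
    target, so any cosmetically different spelling of the path slips past."""
    return request_target in {"/admin/configuration/"}


def canonical_path(request_target: str) -> str:
    """Reduce a request target (path or full URL) to one spelling of its path."""
    path = urlsplit(request_target).path            # drop ?query and #fragment
    for _ in range(3):                              # undo (multiply) percent-encoded bytes
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", path)                 # collapse //; normpath keeps a leading //
    path = posixpath.normpath("/" + path.lstrip("/"))  # resolve . and .., drop trailing /
    return path.lower()                             # IIS-style hosts ignore case anyway


def hardened_is_restricted(request_target: str) -> bool:
    """Prefix match on the canonical path, so every spelling of a restricted
    page (extra /, ?, ~, %, case changes, ../ tricks) is treated the same."""
    canon = canonical_path(request_target)
    probe = canon if canon.endswith("/") else canon + "/"
    return any(probe.startswith(prefix) for prefix in RESTRICTED_PREFIXES)


def allowed(request_target: str, session: dict) -> bool:
    """Authorisation decision: the URL never carries the 'logged in' bit.
    `session` stands in for server-side state keyed by a session cookie."""
    if not hardened_is_restricted(request_target):
        return True
    return session.get("authenticated") is True


if __name__ == "__main__":
    for target in ("/admin/configuration/", "/admin/configuration//",
                   "/admin/configuration/?", "/admin/configuration/~",
                   "/ADMIN/configuration", "/public/../admin/configuration"):
        print(f"{target:34} naive={naive_is_restricted(target)!s:5} "
              f"hardened={hardened_is_restricted(target)}")
```

Only the first sample path is caught by the naive check; all six are caught by the canonicalised one, and `?auth=1` on the request target changes nothing because `allowed` never reads it.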