Obtain a new account. If you are not required to set all credentials during registration, determine the means by which the application distributes credentials to new users.
■ If an account activation URL is used, try to register several new accounts in close succession and identify any sequence in the URLs you receive. If a pattern can be determined, try to predict the activation URLs sent to recent and forthcoming users, and attempt to use these URLs to take ownership of their accounts.
■ Try to reuse a single reactivation URL multiple times, and see if the application allows this. If not, try locking out the target account before reusing the URL, and see if it now works.
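As an added illustration, not code from the book, of the server-side design that closes both of the weaknesses these steps probe: activation tokens are drawn from the OS CSPRNG so there is no sequence to infer across registrations, only a hash of each token is stored, and a token is consumed on first redemption so the same URL cannot be replayed (with or without a lockout in between) and expires after a fixed window. The `ActivationTokens` class and its method names are assumptions for this example.

```python
import hashlib
import secrets
import time


class ActivationTokens:
    """Issue and redeem single-use account-activation tokens (illustrative design)."""

    TTL_SECONDS = 24 * 3600  # assumed activation window

    def __init__(self, now=time.time):
        self._now = now
        # sha256(token) -> (user_id, issued_at); the raw token is never stored,
        # so a leaked table does not hand out usable activation links.
        self._pending = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str) -> str:
        # 32 random bytes from the CSPRNG: consecutive registrations share
        # no pattern, so observing several URLs reveals nothing about others.
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (user_id, self._now())
        return token

    def redeem(self, token: str):
        """Return the user_id the token activates, or None if it is unknown,
        already used, or expired. The entry is removed on first lookup, so a
        second presentation of the same URL always fails."""
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, issued_at = entry
        if self._now() - issued_at > self.TTL_SECONDS:
            return None
        return user_id


def demo():
    """Constructed walk-through: first use succeeds, replay fails."""
    store = ActivationTokens()
    url_token = store.issue("alice")
    first, second = store.redeem(url_token), store.redeem(url_token)
    return first, second


if __name__ == "__main__":
    print(demo())  # ('alice', None)
```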
Chapter 6 ■ Attacking Authentication 155