Chapter 12
■
Attacking Other Users
453
■■
The application does not issue tokens to anonymous users, and a token
is issued only following a successful login. However,
if a user accesses
the login function using an authenticated token, and logs in using dif-
ferent credentials, no new token is issued — rather, the user associated
with the previously authenticated session is changed to the identity of
the second user.
In both of these cases, an attacker can obtain a valid session token (either by
simply requesting the login page or by performing a login with his own cre-
dentials) and feed this to a target user. When that user logs in using the token,
the attacker can hijack the user’s session.
HACK STEPS
■
Do'stlaringiz bilan baham: