is vulnerable to session fixation.
■ If the application uses HTTP cookies to transmit session tokens, then it may well be vulnerable to cross-site request forgery (XSRF). First, log in to the application. Then confirm that a request made to the application but originating from a page of a different application results in submission of the user's token. (This submission will need to be made from a window of the same browser process as was used to log in to the target application, because that is the process holding the session cookie.) Attempt to identify any sensitive application functions all of whose parameters can be determined in advance by an attacker, and exploit this to carry out unauthorized actions within the security context of a target user. See Chapter 12 for more details on how to execute XSRF attacks.