The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Chapter 12 

■

Attacking Other Users

453

■■

The application does not issue tokens to anonymous users, and a token

is issued only following a successful login. However, if a user accesses

the login function using an authenticated token, and logs in using dif-

ferent credentials, no new token is issued — rather, the user associated

with the previously authenticated session is changed to the identity of

the second user.

In both of these cases, an attacker can obtain a valid session token (either by

simply requesting the login page or by performing a login with his own cre-

dentials) and feed this to a target user. When that user logs in using the token,

the attacker can hijack the user’s session.

HACK STEPS

■

Download 5,76 Mb.

Do'stlaringiz bilan baham: