Scribd Logo
Upload

Welcome to Scribd!

  • Lab 5 - Method-Based Access Control Can Be Circumvented

    Uploaded by

    DODOXD Mekheimer
    177 views6 pages
    1. The document describes an attempt to circumvent method-based access control by upgrading a user "carlos" to administrator status. 2. By intercepting and replaying HTTP requests, the student was able to change the username in a GET request from "carlos" to "wiener" and gain administrator access, even though copying the cookie session from user "wiener" to an administrative request failed. 3. The lesson is that all HTTP request methods must be properly protected to prevent circumvention of access controls.

    Original Description:

    Original Title

    Lab 5 - Method-based access control can be circumvented

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. The document describes an attempt to circumvent method-based access control by upgrading a user "carlos" to administrator status. 2. By intercepting and replaying HTTP requests, the student was able to change the username in a GET request from "carlos" to "wiener" and gain administrator access, even though copying the cookie session from user "wiener" to an administrative request failed. 3. The lesson is that all HTTP request methods must be properly protected to prevent circumvention of access controls.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    177 views6 pages

    Lab 5 - Method-Based Access Control Can Be Circumvented

    Uploaded by

    DODOXD Mekheimer
    1. The document describes an attempt to circumvent method-based access control by upgrading a user "carlos" to administrator status. 2. By intercepting and replaying HTTP requests, the student was able to change the username in a GET request from "carlos" to "wiener" and gain administrator access, even though copying the cookie session from user "wiener" to an administrative request failed. 3. The lesson is that all HTTP request methods must be properly protected to prevent circumvention of access controls.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Lab 5 - Method-based access control can be circumvented

    Ahmed Khaled Saad Ali ID:1809799

    Lab Progress & Screenshots:


    Logging in as Administrator, to search for vulnerabilities

    Trying out Upgrading carlos to ADMIN in the Admin Panel with Intercept ON, we
    will have a POST request appear, with critical information: /admin-roles & Cookie
    session, username & action below. We will send it to the “Repeater”.
    We will logout from Admin and log in as wiener.

    With Intercept ON, we refresh wiener page to have request from wiener to get his
    Cookie session & send request to “Repeater”
    We will copy wiener’s Cookie Session & paste instead of Cookie session in Admin
    Request in the “Repeater”, also we will change request method to GET.

    Username field appears, lets try entering wiener in place of carlos, Send request
    and then refresh wieners page.
    Failed tries:
    System had protection for Cookie session copying from user wiener to admin’s
    request in “Repeater”. It gives “Unautherized” in Response.

    We tried changing carlos to wiener in username field, but it gave “Unautherized”


    in Response as well.

    So, we deduced that POST request is heavily protected, so we try with another
    request method and it worked.
    Lessons:
    Make sure to cover up protection and clear vulnerabilities of all HTTP request
    methods.

    You might also like