Scribd Logo
Upload

Welcome to Scribd!

  • Lab 9 - User ID Controlled by Request Parameter With Password Disclosure. Ahmed Khaled Saad Ali ID:1809799

    Uploaded by

    DODOXD Mekheimer
    8 views4 pages
    1) The document describes a lab experiment where the user logged in as "wiener" and was able to access the administrator account page by changing the request ID parameter to "administrator", revealing the administrator's password in the response. 2) With this password, the user logged in as the administrator and accessed the admin panel to delete another user, completing the lab. 3) The lessons highlighted are to not include user identifiers directly in requests and that passwords can be deduced from responses with basic HTML knowledge of how password fields work.

    Original Description:

    Original Title

    Untitled

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1) The document describes a lab experiment where the user logged in as "wiener" and was able to access the administrator account page by changing the request ID parameter to "administrator", revealing the administrator's password in the response. 2) With this password, the user logged in as the administrator and accessed the admin panel to delete another user, completing the lab. 3) The lessons highlighted are to not include user identifiers directly in requests and that passwords can be deduced from responses with basic HTML knowledge of how password fields work.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views4 pages

    Lab 9 - User ID Controlled by Request Parameter With Password Disclosure. Ahmed Khaled Saad Ali ID:1809799

    Uploaded by

    DODOXD Mekheimer
    1) The document describes a lab experiment where the user logged in as "wiener" and was able to access the administrator account page by changing the request ID parameter to "administrator", revealing the administrator's password in the response. 2) With this password, the user logged in as the administrator and accessed the admin panel to delete another user, completing the lab. 3) The lessons highlighted are to not include user identifiers directly in requests and that passwords can be deduced from responses with basic HTML knowledge of how password fields work.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Lab 9 - User ID controlled by request parameter with password

    disclosure.
    Ahmed Khaled Saad Ali ID:1809799
    Lab Progress & Screenshots:
    Logged in as wiener.

    We find this request, with an identifier to the user of the logged in account.
    We will take the request to the “Repeater” and change its “id” field to
    “administrator” and send request. We should get in the password in the response
    because it is displayed on the account page and as we know in HTML for input
    type password, its value is just right there in “value” field. We copy the password’s
    value.

    We login with administrator’s password.


    Administrator’s account page accessed.

    Admin panel accessed.

    Carlos is deleted, Lab solved.

    Lessons:
    1) Don’t simply include identifiers of a user in when he sends a request.
    2) With minimal HTML knowledge, password’s value was deduced from response.

    You might also like