The session management mechanism is a fundamental security component in the majority of web applications. It is what enables the applications to uniquely identify a given user across a number of different requests, and to handle data that it accumulates about the state of that user's interaction with the applications. Where an applications implements login functionality, session management is of particular importance, as it what enables the applications to persist its assurance if any given user's identity beyond the requests in which they supply their credential.
Now I'll show you how to attacking session management on a web applications and do some privileges escalation on it.
if we want to access to home.php (admin area) we must have an user name and password to login on it.
Now I'll use burp proxy and try to access home.php from repeater.
On proxy we can see the header requests to the server
I send to repeater on burp then try to request again..!!!!
look on the response header 302 found if we follow redirect we will bring to index.php and ask we to login with user name and password... as we know only admin that have the account ..
I try to access home.php fom repeater
look I can access the home.php (admin area) without username..
there are some interests thing on home.php like we can add new user and update some article now I try to add user from repeater.. lets look source code of home.php
if we want to add user we must go to manage_user.php.. I change home.php to manage_user.php on repeater..
I change manage_user.php to Process/manage_input.php and put users that we want to add on the content body
now login with username 'hello' and password 'hello'
and look ..!!!!!!!!!!!!!!!!
Tidak ada komentar:
Posting Komentar