Read on Twitter
I've been finding a lot of access control bugs lately! Here's how.
Firstly I have two users, one with high privileges (admin), and one with low privileges (joe). I log in as the admin first, and use all the functionality. Whenever I do something that should...
Thread
Firstly I have two users, one with high privileges (admin), and one with low privileges (joe). I log in as the admin first, and use all the functionality. Whenever I do something that should...
Thread
be reserved for an administrator, I send the request over to Repeater. Once I have a stack of them, I get the cookies from the "joe" account and insert them into those requests. I send them and analyse the difference in response to see if it worked. If it did, I report it!
Then, I do the same thing but without any cookies or session tokens to see if it works unauthenticated.
You would be amazed at how many applications appear totally secure, and then there's just one or two endpoints that are vulnerable. This is because many web frameworks...
You would be amazed at how many applications appear totally secure, and then there's just one or two endpoints that are vulnerable. This is because many web frameworks...
kind of suck at implementing roles and permissions. Web frameworks have been very successful at lessening the amount of injection vulnerabilities we see, but permissions still need to be defined by a human, so they're more prone to errors.
By the way - if you want to make this whole process 100x faster, check out the "Autorize" burp plugin. @Regala_ and @stokfredrik did a great video about it here:
