Fixed typos
This commit is contained in:
xanderhades
Nanne Baars
@ -4,5 +4,5 @@ Older apps may follow different patterns, but RESTful apps (which is what's goin
|
||||
to perform different functions.
|
||||
|
||||
Use that knowledge to take the same base request, change its method, path and body (payload) to modify another user's (Buffalo Bill's) profile.
|
||||
Change the role to something lower (since higher privilege roles and users are ususally lower numbers). Also change modify the
|
||||
Change the role to something lower (since higher privilege roles and users are ususally lower numbers). Also change the
|
||||
user's color to 'red'.
|
||||
@ -1 +1 @@
|
||||
Please input the alternate path to the Url to view your own profile. Please start witih 'WebGoat' (i.e. disregard 'http://localhost:8080/')
|
||||
Please input the alternate path to the Url to view your own profile. Please start with 'WebGoat' (i.e. disregard 'http://localhost:8080/')
|
||||
@ -15,12 +15,12 @@ Examples of Direct Object References using the GET method may look something lik
|
||||
|
||||
=== Other Methods
|
||||
|
||||
POST, PUT, DELETE or other methods are also potentially succeptible and mainly only differ in the method and the potential payload.
|
||||
POST, PUT, DELETE or other methods are also potentially susceptible and mainly only differ in the method and the potential payload.
|
||||
|
||||
== *Insecure* Direct Object References
|
||||
|
||||
These are considered insecure when the reference is not properly handled and allows for authorization bypasses or disclose private data that could be used to
|
||||
perform opreations or access data that the user should not be able to perform or access.
|
||||
perform operations or access data that the user should not be able to perform or access.
|
||||
Let's say that as a user, you go to view your profile and the URL looks something like:
|
||||
|
||||
`https://some.company.tld/app/user/23398`
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
=== Authenticate First, Abuse Authorization Later
|
||||
|
||||
Many access control issues are succeptible to attack from an authenticated-but-unauthorized user. So, let's start by legitimately authenticating. Then, we will look for ways to bypass or abuse Authorization.
|
||||
Many access control issues are susceptible to attack from an authenticated-but-unauthorized user. So, let's start by legitimately authenticating. Then, we will look for ways to bypass or abuse Authorization.
|
||||
|
||||
The id and password for the account in this case are 'tom' and 'cat' (It is an insecure app, right?).
|
||||
|
||||
|
||||
@ -38,7 +38,7 @@ For example, if a super-user or admin can edit other's profiles ... That is some
|
||||
examples would include detected violations or attempts to violate access control mechanisms.
|
||||
|
||||
=== Using Indrect References
|
||||
Not many applications employ it, but you can use *indirect* refrences. In this case you can run your references across a hahsing,
|
||||
Not many applications employ it, but you can use *indirect* references. In this case you can run your references across a hashing,
|
||||
encoding or other function on the server so that the id that the client sees is not the actual reference
|
||||
which the server handles. This will reduce efficiency some (a common trade-off for security) and is still subject to being
|
||||
guessed, brute-forced or reverse engineered.
|
||||
|
||||
Reference in New Issue
Block a user