Fix spelling issues
		| @ -1,9 +1,9 @@ | |||||||
| == Missing Function Level Access Control | == Missing Function Level Access Control | ||||||
|  |  | ||||||
| Access control, like preventing XSS with output encoding can be tricky to maintain. One needs to ensure it is enforced properly throughout the entire application, thus in every method/function. | Access control, like preventing XSS with output encoding, can be tricky to maintain. One must ensure it is adequately enforced throughout the entire application, thus in every method/function. | ||||||
|  |  | ||||||
| === IDOR vs Missing Function Level Access Control | === IDOR vs Missing Function Level Access Control | ||||||
|  |  | ||||||
| The fact is many people (including the author of this lesson) would combine function level access control and IDOR into 'Access Control'. For sake of OWASP Top 10 and these lessons, we will make a | The fact is many people (including the author of this lesson) would combine function level access control and IDOR into 'Access Control.' For the sake of OWASP Top 10 and these lessons, we will make a | ||||||
| distinction. The distinction most made is that IDOR is more of a 'horizontal' or 'lateral' access control issue, and missing function level access control 'exposes functionality'. Even though, | distinction. The distinction most made is that IDOR is more of a 'horizontal' or 'lateral' access control issue, and missing function level access control 'exposes functionality.' Even though | ||||||
| the IDOR lesson here demonstrates how functionality may also be exposed, (at least to another user in the same role), we will look at other ways functionality might be exposed. | the IDOR lesson here demonstrates how functionality may also be exposed (at least to another user in the same role), we will look at other ways functionality might be exposed. | ||||||
|  | |||||||
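Review bot: "enforced properly" becoming "adequately enforced" in the first paragraph is a wording change, not a spelling fix, and it weakens the point: access control has to be enforced correctly in every method/function, not merely to an adequate degree. Suggest keeping "properly" (or "correctly"). The periods moved inside the single quotes in 'Access Control.' and 'exposes functionality.' are also a style change rather than a correction; those quotes mark terms, not speech, so the sentence punctuation reads more naturally outside them.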
| @ -1,11 +1,11 @@ | |||||||
| == Relying on Obscurity | == Relying on Obscurity | ||||||
|  |  | ||||||
| One could rely on HTML, CSS or javascript to hide links that users don't normally access. | One could rely on HTML, CSS, or javascript to hide links that users don't normally access. | ||||||
| In the past there has been a case where a network router tried to protect (hide) admin functionality with javascript in the UI: https://www.wired.com/2009/10/routers-still-vulnerable. | In the past, a network router tried to protect (hide) admin functionality with javascript in the UI: https://www.wired.com/2009/10/routers-still-vulnerable. | ||||||
|  |  | ||||||
| === Finding Hidden Items | === Finding Hidden Items | ||||||
|  |  | ||||||
| There are usually hints to finding functionality the UI does not openly expose in ... | There are usually hints to finding functionality the UI does not openly expose in: | ||||||
|  |  | ||||||
| * HTML or javascript comments | * HTML or javascript comments | ||||||
| * Commented out elements | * Commented out elements | ||||||
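Review bot: "javascript" is still lowercase in both the first paragraph and the bullet list of this hunk, while the same commit capitalizes "SQL injection" in the other file; for a spelling-fix commit, "JavaScript" should be corrected here too (and in the "HTML or javascript comments" bullet).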
| @ -13,4 +13,4 @@ There are usually hints to finding functionality the UI does not openly expose i | |||||||
|  |  | ||||||
| === Your Mission | === Your Mission | ||||||
|  |  | ||||||
| Find two invisible menu items in the menu below that are, or would be, of interest to an attacker/malicious user and submit the labels for those menu items (there are no links right now in the menus). | Find two invisible menu items in the menu below that are or would be of interest to an attacker/malicious user and submit the labels for those menu items (there are no links right now in the menus). | ||||||
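Review bot: dropping the commas around "or would be" in "menu items in the menu below that are or would be of interest" makes the sentence harder to parse than the original; either keep the parenthetical commas or reword to "that are (or would be) of interest".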
| @ -1,9 +1,15 @@ | |||||||
| == Just Try It | == Try it | ||||||
|  |  | ||||||
| As the previous page described, sometimes applications rely on client-side controls to control access (obscurity). If you can find items which are invisible, just try them and see what happens. Yes, it can be that simple! | As the previous page described, sometimes applications rely on client-side controls to control access (obscurity). If you can find invisible items, try them and see what happens. Yes, it can be that simple! | ||||||
|  |  | ||||||
| === Gathering User Info | === Gathering User Info | ||||||
|  |  | ||||||
| Often data dumps originate from vulnerabilities such as sql injection, but they can also come from poor or lacking access control. | Often data dumps originate from vulnerabilities such as SQL injection, but they can also come from poor or lacking access control. | ||||||
|  |  | ||||||
| It will likely take multiple steps and multiple attempts to get this one. Pay attention to the comments and leaked info. And you'll need to do some guessing too.  You may need to use another browser/account along the way.  Start with the info you already gathered (hidden menu items) to see if you can pull the list of users and then provide the 'Hash' for your own user account. | It will likely take multiple steps and multiple attempts to get this one: | ||||||
|  |  | ||||||
|  | - Pay attention to the comments and leaked info. | ||||||
|  | - You'll need to do some guessing too. | ||||||
|  | - You may need to use another browser/account along the way. | ||||||
|  |  | ||||||
|  | Start with the information you already gathered (hidden menu items) to see if you can pull the list of users and then provide the 'Hash' for your user account. | ||||||
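Review bot: the heading "== Try it" loses the title case used by every other heading in these files, including "=== Gathering User Info" in this same hunk; suggest "== Try It". The new bullet list also uses "- " markers while the sibling file uses "* "; AsciiDoc accepts both, but keeping one marker style across the lesson avoids mixed output.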