== Authentication Bypasses

Authentication bypasses happen in many ways, but they usually take advantage of some flaw in the configuration or logic, with the attacker tampering with inputs to achieve the right conditions.

=== Hidden inputs

The simplest form is a reliance on a hidden input in the web page/DOM.

=== Removing Parameters

Sometimes, if an attacker doesn't know the correct value of a parameter, they may remove it from the submission altogether to see what happens.

=== Forced Browsing

If an area of a site is not appropriately protected by configuration, that area of the site may be accessed by guessing/brute-forcing.
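
The hidden-input and removed-parameter cases above, as an added Python example that is not part of the original lesson: each flawed check sits beside a server-side version that fails closed. The field names, sample answers and session store are constructed for illustration.

```python
import hmac

# Constructed sample data for one hypothetical account.
STORED_ANSWERS = {"answer_pet": "rex", "answer_city": "oslo"}
SESSION_ROLES = {"sess-1": "user"}  # role recorded server-side at login


def verify_fail_open(form):
    """Flawed: checks only the answers the client chose to submit."""
    for name, value in form.items():
        if name in STORED_ANSWERS and value != STORED_ANSWERS[name]:
            return False
    return True  # a form with the answer fields removed reaches this line


def verify_fail_closed(form):
    """Hardened: iterates over what the server requires, not what was sent."""
    ok = True
    for name, expected in STORED_ANSWERS.items():
        supplied = form.get(name)
        if not isinstance(supplied, str):
            ok = False  # missing or malformed parameter counts as a failure
            continue
        # Constant-time comparison of the supplied and stored answers.
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            ok = False
    return ok


def is_admin_trusting_form(form):
    """Flawed: authorization decided by a hidden input the client controls."""
    return form.get("role") == "admin"


def is_admin_from_session(form, session_id):
    """Hardened: the hidden 'role' field is ignored; the session decides."""
    return SESSION_ROLES.get(session_id) == "admin"
```

Logging every request where a required field is absent, or where a submitted hidden field disagrees with server-side state, gives a detection signal for this kind of tampering.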