Authorization Bypass - Part 4



Authorization bypass is a frighteningly simple process that can be employed against poorly designed applications or content management frameworks. You know how it is: you run a small university and you want to give the undergraduate students something to do, so they build a content management framework for the Mickey Bags research department. The trouble is that this local portal is connected to other, more important campus databases. Next thing you know, there goes the farm.

Where the login check is done only by JavaScript in the page itself, authorization bypass to gain access to the Admin backend can be as simple as this:

  • Find weak target login page.
  • View source. Copy to notepad.
  • Delete the authorization JavaScript, amend a link or two.
  • Save to desktop.
  • Open on desktop. Enter anything into login fields, press enter.
  • Hey Presto.

Here's a great video of a White Hat going through the authorization-bypass process on YouTube. This was done against a small university's website. It's a two-minute process. Note that he gets into the User 1 account, which is not the Admin account in this case. Is Admin User 1 on your User table?
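
The fix for the weakness above is to make the login decision on the server and to authorize every Admin request from server-held session state. The following is an added example, not code from the site in the video or from this post's author; the user names, passwords and function names are constructed for illustration.

```javascript
// Added example: server-side enforcement. All names and values are constructed.
const crypto = require("node:crypto");

// Constructed user table: salted scrypt hashes, never plaintext passwords.
const users = new Map();
function addUser(name, password, role) {
  const salt = crypto.randomBytes(16);
  users.set(name, { salt, hash: crypto.scryptSync(password, salt, 32), role });
}
addUser("editor", "constructed-editor-pass", "user");
addUser("site-admin", "constructed-admin-pass", "admin");

const sessions = new Map(); // session token -> { name, role }, held on the server

// Login: the server verifies the password; nothing the page's script says matters.
function login(name, password) {
  const user = users.get(name);
  if (!user || typeof password !== "string") return null;
  const candidate = crypto.scryptSync(password, user.salt, 32);
  if (!crypto.timingSafeEqual(candidate, user.hash)) return null;
  const token = crypto.randomBytes(32).toString("hex");
  sessions.set(token, { name, role: user.role });
  return token;
}

// Admin backend: every request is authorized from server-side session state.
// Request fields such as a client-set "loggedIn" flag are deliberately ignored.
function adminPage(request) {
  const session = sessions.get(request.sessionToken);
  if (!session) return { status: 401, body: "login required" };
  if (session.role !== "admin") return { status: 403, body: "forbidden" };
  return { status: 200, body: `admin console for ${session.name}` };
}

// A form submitted from an edited local copy: validation script removed,
// arbitrary credentials entered, client-side flags set by hand.
function editedPageAttempt() {
  const token = login("anything", "anything");
  return adminPage({ sessionToken: token, loggedIn: true, role: "admin" });
}
```

With this design the edited copy of the login page gets a 401, and an ordinary user account that logs in correctly still gets a 403 on the Admin backend.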
