Task 5

Previous page
Table of content
Next page

The task is on the CD-ROM. It can be accessed at http://localhost/zadachi/5/.

The system is an authentication system based on session IDs stored in browser cookies. It is assumed that a user cannot access the source code of the system scripts and doesn't know logins and passwords to system accounts. The user cannot create an account.

The accounts are stored in the reguser table. The login of a user is stored in the login field, the password or its hash is stored in the pass field, and the access level is stored in the level field. Common users have access level one, and superusers have access level two.

The sid field stores the current session ID. In addition, the session ID is stored in the sid parameter in the browser cookies.

  • Goal 1. Find a vulnerability in the system.

  • Goal 2. Obtain the system administrator's rights using any other method.


Previous page
Table of content
Next page
Hacker Web Exploition Uncovered
Hacker Web Exploition Uncovered
ISBN: 1931769494
EAN: N/A
Year: 2005
Pages: 77
BUY ON AMAZON
Crystal Reports 9 on Oracle (Database Professionals)
Inside Network Security Assessment: Guarding Your IT Infrastructure
Managing Enterprise Systems with the Windows Script Host
C++ How to Program (5th Edition)
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
PMP Practice Questions Exam Cram 2
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy