Chapter 5

Web Application Exploitation with Broken Authentication and Path Traversal

Chapter Rundown:

■ Why authentication and session vulnerabilities are so widespread

■ Using Burp Intruder for brute force authentication attacks

■ Why session attacks are so difficult: cookie cracking is not a good idea

■ Pillaging the web server’s file system with path traversal attacks

Introduction

Authentication allows us to sign in to a web application so we get a personalized browsing experience, while session management keeps track of our requests and responses so we can perform multistep actions such as shopping and bill paying. They are really two peas in a pod. Neither authentication nor session management was considered when the HTTP protocol was invented ...
