How To Rob An Online Bank And Get Away With It - Acros Security

More documents

Recommendations

Info

ACROS PUBLIC Page 24SOURCE Boston 2012User – Public Server – Back End ServerJSPPHPPOST /transfersource=1 & dest=2 & amount=100source = request.getParameter(“source”) // 1amount = request.getParameter(“amount”) // 100IF NOT user_authorized_for(source) THEN ERROR()IF disposable(source) < amount THEN ERROR()Call BackEndTransaction(request)POST /BackEndTransactionsource=1 & dest=2 & amount=100source = $_POST[“source”] // 1dest = $_POST[“dest”] // 2amount = $_POST[“amount”] // 100
ACROS PUBLIC Page 25SOURCE Boston 2012HTTP Parameter Pollution – Source accountJSPPHPPOST /transfersource=1 & dest=2 & amount=100 & source=42source = request.getParameter(“source”) // 1amount = request.getParameter(“amount”) // 100IF NOT user_authorized_for(source) THEN ERROR()IF disposable(source) < amount THEN ERROR()Call BackEndTransaction(request)POST /BackEndTransactionsource=1 & dest=2 & amount=100 & source=42source = $_POST[“source”] // 42dest = $_POST[“dest”] // 2amount = $_POST[“amount”] // 100IF NOT user_authorized_for(source) THEN ERROR()
Page 1 and 2: ACROS PUBLIC© ACROSHow to Roban On
Page 3 and 4: ACROS PUBLIC Page 3SOURCE Boston 20
Page 23: ACROS PUBLIC Page 23SOURCE Boston 2
Page 47: ACROS PUBLIC Page 47SOURCE Boston 2

How To Rob An Online Bank And Get Away With It - Acros Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?