SAP: Session (Fixation) Attacks and Protections - Black Hat
#3 Discovery and Exploitation (3)

• Pen-tester obtains a valid session ID (pre-authentication)
• The session ID is "fixed" in the victim's browser (ARP poisoning and traffic control)
  – MitM by injecting the session ID into the cookie headers of the HTTP response (307 redirect)
• The user authenticates in the SAP Portal
  – Session ID does not change (session fixation)
• Pen-tester gets full access to the victim's session (business-critical data and actions)

Copyright © 2011 Taddong S.L. www.taddong.com (slide 56)
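The four steps on this slide, modelled end to end as an added example (not code from the Taddong slides or from SAP): the attacker obtains a valid pre-authentication session ID, the MitM injects a 307 redirect whose Set-Cookie header fixes that ID in the victim's browser, the victim logs in, and the attacker replays the fixed ID. The toy portal is run twice: once without rotating the session ID on login (the flaw the slide describes) and once regenerating it, which is the protection. The cookie name JSESSIONID, the portal URL, the credential check and the network step (ARP poisoning is not simulated; the injected response is handed straight to the browser model) are all assumptions of this example.

```python
"""Session fixation via an injected 307 redirect, vulnerable vs. hardened portal.

Constructed example. Cookie name, URL and password check are assumptions;
the MitM/ARP step is replaced by handing the forged response to a browser model.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

COOKIE = "JSESSIONID"  # assumed session cookie name


@dataclass
class Session:
    user: Optional[str] = None  # None until the session is authenticated


class PortalServer:
    """Toy portal. rotate_on_login=False reproduces the session-fixation flaw."""

    def __init__(self, rotate_on_login: bool) -> None:
        self.rotate_on_login = rotate_on_login
        self.sessions: Dict[str, Session] = {}

    def new_session(self) -> str:
        sid = secrets.token_hex(16)
        self.sessions[sid] = Session()
        return sid

    def login(self, sid: str, user: str, password: str) -> str:
        """Authenticate the caller; return the session ID the browser must use afterwards."""
        if password != "correct":  # stand-in for the real credential check (assumption)
            raise PermissionError("bad credentials")
        if sid not in self.sessions:
            sid = self.new_session()
        if self.rotate_on_login:
            # Protection: drop the pre-authentication ID and bind the user to a fresh one,
            # so any ID an attacker planted before login is worthless.
            del self.sessions[sid]
            sid = self.new_session()
        self.sessions[sid].user = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        s = self.sessions.get(sid)
        return s.user if s else None


def mitm_redirect(fixed_sid: str, location: str) -> bytes:
    """Response the MitM returns in place of the portal's own reply: a 307 that
    plants the attacker-chosen session cookie. The browser stores it and follows."""
    return (
        "HTTP/1.1 307 Temporary Redirect\r\n"
        f"Location: {location}\r\n"
        f"Set-Cookie: {COOKIE}={fixed_sid}; Path=/\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode()


class Browser:
    """Victim browser reduced to its cookie jar."""

    def __init__(self) -> None:
        self.cookies: Dict[str, str] = {}

    def receive(self, raw: bytes) -> None:
        for line in raw.decode().split("\r\n"):
            if line.lower().startswith("set-cookie:"):
                pair = line.split(":", 1)[1].strip().split(";")[0]
                name, _, value = pair.partition("=")
                self.cookies[name.strip()] = value.strip()


def run_attack(rotate_on_login: bool) -> bool:
    """True if the attacker's pre-obtained session ID ends up authenticated as the victim."""
    server = PortalServer(rotate_on_login)
    attacker_sid = server.new_session()  # step 1: attacker obtains a valid ID
    victim = Browser()
    victim.receive(mitm_redirect(attacker_sid, "https://portal.example/irj/portal"))  # step 2
    used_sid = victim.cookies[COOKIE]
    issued_sid = server.login(used_sid, "victim", "correct")  # step 3: victim authenticates
    victim.cookies[COOKIE] = issued_sid  # browser adopts whatever the server issued
    return server.whoami(attacker_sid) == "victim"  # step 4: attacker replays the fixed ID


if __name__ == "__main__":
    print("vulnerable portal hijacked:", run_attack(rotate_on_login=False))  # True
    print("hardened portal hijacked:", run_attack(rotate_on_login=True))  # False
```

The decisive line is the `rotate_on_login` branch: the fixed cookie is only dangerous because the server lets an unauthenticated session ID become an authenticated one. Issuing a new ID at the privilege change is the check to verify when testing a portal for this flaw; a server that keeps the pre-login ID will return the victim's identity for the attacker's replayed cookie exactly as the slide describes.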