APPLICATION PENETRATION TEST SUPER VEDA

More documents

Recommendations

Info

TABLE of CONTENTSReferences.........................................................................................................................................3Acknowledgments .............................................................................................................................3Contacts ...........................................................................................................................................31 Introduction............................................................................................................................62 Scope & Limitations ..............................................................................................................72.1 Scope......................................................................................................................................72.2 Limitations .............................................................................................................................72.3 Method ...................................................................................................................................72.4 Prior Knowledge....................................................................................................................73 Application Description.........................................................................................................83.1 Functionality..........................................................................................................................83.2 Technology.............................................................................................................................94 Summary of Results.............................................................................................................104.1 Reading the Entire Database Contents...............................................................................104.2 Unauthorized Access to Accounts .......................................................................................104.3 Obtaining a Discount for Purchases...................................................................................104.4 Parameters Tampering........................................................................................................114.5 Script Injection into Administrator’s Browser....................................................................114.6 Script Injection into USER’S BROWSER ...........................................................................114.7 Cross-site Scripting .............................................................................................................124.8 Permissions Misuse .............................................................................................................124.9 Forceful Browsing ...............................................................................................................124.10 Information Disclosure...................................................................................................125 Detailed results.....................................................................................................................145.1 Reading the Entire Database Contents...............................................................................145.1.1 showproducts.asp ...........................................................................................................................145.1.2 proddetails.asp................................................................................................................................175.1.3 addcomment.asp.............................................................................................................................185.1.4 dosearch.asp ...................................................................................................................................195.1.5 getstates.asp....................................................................................................................................205.2 Unauthorized Access to Accounts .......................................................................................205.3 Obtaining a Discount for Purchases...................................................................................225.4 Parameters Tampering........................................................................................................245.5 Script Injection into Administrator’s Browser....................................................................27
5.6 Script Injection into User’s Browser ..................................................................................285.7 Cross-site Scripting .............................................................................................................305.8 Permissions Misuse .............................................................................................................315.9 Forceful Browsing ...............................................................................................................315.10 Information Disclosure........................................................................................................316 Recommendations................................................................................................................336.1 Avoiding SQL Injection .......................................................................................................336.2 Obtaining a Discount for Purchases...................................................................................346.3 Parameters Tampering........................................................................................................346.4 Scripts Handling..................................................................................................................346.5 Permissions Misuse .............................................................................................................356.6 Forceful Browsing ...............................................................................................................356.7 Information Disclosure........................................................................................................35Appendix A - Reading the Entire Database Contents...............................................................36Appendix B - Unauthorized Access to Accounts........................................................................53Appendix C - Obtaining a Discount for Purchases ...................................................................55Appendix D - Parameters Tampering ........................................................................................60Appendix E - Script Injection into Administrator’s Browser ..................................................67Appendix F - Script Injection into User’s Browser ...................................................................69Appendix G - Cross-site Scripting ..............................................................................................72
Page 1 and 2: APPLICATION PENETRATION TESTSUPER V
Page 3: REFERENCESREF DOCUMENT VERSION DATE
Page 7 and 8: Application Penetration Test for Su
Page 55 and 56:
Application Penetration Test for Su
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73:
show all

APPLICATION PENETRATION TEST SUPER VEDA

Create successful ePaper yourself

Delete template?

Save as template?