APPLICATION PENETRATION TEST SUPER VEDA
5.6 Script Injection into User’s Browser
5.7 Cross-site Scripting
5.8 Permissions Misuse
5.9 Forceful Browsing
5.10 Information Disclosure
6 Recommendations
6.1 Avoiding SQL Injection
6.2 Obtaining a Discount for Purchases
6.3 Parameters Tampering
6.4 Scripts Handling
6.5 Permissions Misuse
6.6 Forceful Browsing
6.7 Information Disclosure
Appendix A - Reading the Entire Database Contents
Appendix B - Unauthorized Access to Accounts
Appendix C - Obtaining a Discount for Purchases
Appendix D - Parameters Tampering
Appendix E - Script Injection into Administrator’s Browser
Appendix F - Script Injection into User’s Browser
Appendix G - Cross-site Scripting