APPLICATION PENETRATION TEST SUPER VEDA

More documents

Recommendations

Info

Application Penetration Test for Super VedaModifying the SQL Query- Sample Report -Changing the query to enable breaking out of the original one and adding aUNION SELECT with a new statement results in getting a modified list thatincludes the data from the database.ImpervaPage52 of73
Application Penetration Test for Super Veda- Sample Report -APPENDIX B - UNAUTHORIZED ACCESS TOACCOUNTSThe attacker reaches the login.asp page while trying to access any of therestricted pages. Since the application checks, on any of the restrictedpages, whether the client is authenticated, and finds out that he isn't, itsends him to the login page that looks like this:Access to the SiteThe attacker then inserts the following SQL bits into the username/passwordfields:And get in using the first name in the returned record set ('Mickey'):ImpervaPage53 of73
Page 1 and 2: APPLICATION PENETRATION TESTSUPER V
Page 3 and 4: REFERENCESREF DOCUMENT VERSION DATE
Page 5 and 6: 5.6 Script Injection into User’s
Page 7 and 8: Application Penetration Test for Su
Page 51: Application Penetration Test for Su
Page 73: Application Penetration Test for Su

APPLICATION PENETRATION TEST SUPER VEDA

Create successful ePaper yourself

Delete template?

Save as template?