How to Rob an Online Bank (and get away with it) - Acros Security
Request Flow

JSP

    POST /transfer
    source=1 & dest=2 & amount=100

    source = request.getParameter("source")   // 1
    amount = request.getParameter("amount")   // 100
    IF NOT user_authorized_for(source) THEN ERROR()
    IF disposable(source) < amount THEN ERROR()
    Call BackEndTransaction(request)

PHP

    POST /BackEndTransaction
    source=1 & dest=2 & amount=100

    source = $_POST["source"]   // 1
    dest = $_POST["dest"]       // 2
    amount = $_POST["amount"]   // 100
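In the flow above the JSP tier checks `source` and `amount` but hands the whole request to the PHP tier, which parses the body again on its own. The following is an added example, not code from the slides or from any bank: a Python model of a front end that parses the body once, refuses repeated or unexpected fields, and builds the back-end body from the values it actually validated. The account data, the destination check and the names `parse_strict`, `front_end` and `Rejected` are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample data standing in for the bank's account store.
OWNERS = {"1": "alice", "2": "bob"}
BALANCES = {"1": 500, "2": 50}

REQUIRED = ("source", "dest", "amount")


class Rejected(Exception):
    """Raised when the front end refuses a transfer request."""


def parse_strict(body):
    """Parse a form body, refusing repeated, missing or unexpected fields."""
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    keys = [k for k, _ in pairs]
    if sorted(keys) != sorted(REQUIRED):
        raise Rejected("expected exactly one each of source, dest, amount")
    return dict(pairs)


def front_end(user, body):
    """Validate the request, then build the back-end body from checked values."""
    try:
        fields = parse_strict(body)
    except ValueError as exc:  # raised by parse_qsl on a malformed body
        raise Rejected("malformed body") from exc
    source, dest, amount = (fields[k] for k in REQUIRED)
    if not (amount.isascii() and amount.isdigit()) or int(amount) == 0:
        raise Rejected("amount must be a positive integer")
    if OWNERS.get(source) != user:
        raise Rejected("user not authorized for source")
    if dest not in OWNERS:
        raise Rejected("unknown destination")
    if BALANCES[source] < int(amount):
        raise Rejected("insufficient disposable funds")
    # Re-serialize: the back end only ever sees what was validated above,
    # never the original request bytes.
    return urlencode({"source": source, "dest": dest, "amount": str(int(amount))})
```

With this shape the back end cannot act on a value the front end did not check, whatever differences exist between the two tiers' request parsers.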