12.07.2015

How to Rob an Online Bank (and get away with it) - Acros Security

HTTP Parameter Pollution (Source Account)

JSP (front end):

    POST /transfer
    source=1 & dest=2 & amount=100 & source=42

    source = request.getParameter("source")   // 1
    amount = request.getParameter("amount")   // 100
    IF NOT user_authorized_for(source) THEN ERROR()
    IF disposable(source) < amount THEN ERROR()
    Call BackEndTransaction(request)

PHP (back end):

    POST /BackEndTransaction
    source=1 & dest=2 & amount=100 & source=42

    source = $_POST["source"]   // 42
    dest   = $_POST["dest"]     // 2
    amount = $_POST["amount"]   // 100
    IF NOT user_authorized_for(source) THEN ERROR()

The two stacks resolve the repeated "source" parameter differently: the Servlet API's getParameter() returns the first value (1), while PHP's $_POST keeps the last value (42). The front end therefore authorizes and checks the balance of account 1, then forwards the raw request unchanged, and the back end acts on account 42.
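The following Python is an added example, not code from the Acros Security slides: it models the two duplicate-parameter policies shown above (first occurrence wins, as in the Servlet API; last occurrence wins, as in PHP), replays the slide's transfer through a vulnerable front end/back end pair to show which account ends up debited, and then shows the defensive alternative of rejecting duplicates and forwarding a canonical body instead of the raw request. The sample body, account data and all function names (resolve_first, resolve_last, vulnerable_flow, canonical_transfer, is_polluted) are constructed for this example; the first/last resolution is emulated with urllib's parse_qs rather than taken from either framework's real parser.

```python
from urllib.parse import parse_qs, urlencode

# Constructed sample body: the slide's request with its layout spaces removed.
SAMPLE_BODY = "source=1&dest=2&amount=100&source=42"


def _multi(body: str) -> dict:
    """Parse a form body into {name: [value, value, ...]} keeping every repeat."""
    return parse_qs(body, keep_blank_values=True)


def resolve_first(body: str) -> dict:
    """Emulates Servlet getParameter(): the first occurrence of a name wins."""
    return {k: v[0] for k, v in _multi(body).items()}


def resolve_last(body: str) -> dict:
    """Emulates PHP $_POST: the last occurrence of a name wins."""
    return {k: v[-1] for k, v in _multi(body).items()}


def duplicated_params(body: str) -> list:
    """Names that appear more than once in the body (the pollution indicator)."""
    return sorted(k for k, v in _multi(body).items() if len(v) > 1)


def vulnerable_flow(body: str, user_accounts: set, balances: dict) -> str:
    """Slide's flow: front end checks the first 'source', forwards the raw body,
    back end re-parses it with last-wins semantics. Returns the account actually
    debited, which may differ from the one that was authorized."""
    front = resolve_first(body)
    if front["source"] not in user_accounts:
        raise PermissionError("front end: user not authorized for source")
    if balances[front["source"]] < int(front["amount"]):
        raise ValueError("front end: insufficient disposable balance")
    back = resolve_last(body)  # raw request forwarded and parsed again
    return back["source"]


class ParameterPollution(ValueError):
    """Raised when a request carries a repeated parameter name."""


def canonical_transfer(body: str) -> dict:
    """Hardened front end: refuse any repeated name, require exactly the expected
    fields, and return a single-valued mapping to forward instead of the raw body."""
    dups = duplicated_params(body)
    if dups:
        raise ParameterPollution(f"duplicate parameter(s): {dups}")
    params = _multi(body)
    required = ("source", "dest", "amount")
    missing = [k for k in required if k not in params]
    if missing:
        raise ValueError(f"missing parameter(s): {missing}")
    return {k: params[k][0] for k in required}


def forward_body(canon: dict) -> str:
    """Re-encode the validated values so the back end sees one value per name."""
    return urlencode(canon)


def is_polluted(body: str) -> bool:
    """True when the hardened front end would reject the body for pollution."""
    try:
        canonical_transfer(body)
    except ParameterPollution:
        return True
    return False


if __name__ == "__main__":
    accounts = {"1"}                       # constructed: the user owns account 1 only
    balances = {"1": 500, "42": 9999}      # constructed balances
    print("front end sees:", resolve_first(SAMPLE_BODY))
    print("back end sees: ", resolve_last(SAMPLE_BODY))
    print("debited account:", vulnerable_flow(SAMPLE_BODY, accounts, balances))
    print("polluted?", is_polluted(SAMPLE_BODY))
    clean = "source=1&dest=2&amount=100"
    print("forwarded:", forward_body(canonical_transfer(clean)))
```

The fix illustrated by canonical_transfer is the one a reviewer would ask for at the boundary between tiers: the component that performs the authorization check must also be the one that decides which single value each parameter has, and downstream components should receive that decided value, never the original request.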
