Web security testing using Burp and Firebug STC 2012 - QAI
Web security testing using Burp

Repeater (ctd..)

When we use the Repeater to submit a request where the username value is ' or '1'='1 we get a different error. The error tells us the password (blank in the request) we submitted was incorrect. The XPath query will now look something like this:

//users/user[username='' or '1'='1']/password

Since we know the user name now, we can brute force the password using Intruder.

ETT | 12/10/2012 | © Robert Bosch Engineering and Business Solutions Limited 2012. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
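From the defender's side, the slide's finding has three fixes: keep input out of the XPath string, return the same error for every failure, and cap repeated guesses. The following is an added example, not code from the original slides; the sample user store, the `Authenticator` class, the error text and the lockout threshold are all assumptions made for illustration.

```python
import hmac
import xml.etree.ElementTree as ET

# Constructed sample store; element names follow the slide's query.
# Plaintext passwords only mirror the slide; a real store holds password hashes.
USERS_XML = """<users>
  <user><username>alice</username><password>s3cret-A</password></user>
  <user><username>bob</username><password>s3cret-B</password></user>
</users>"""

GENERIC_ERROR = "Invalid username or password"  # one message for every failure
MAX_FAILURES = 5  # assumed lockout threshold


def vulnerable_query(username):
    """The flawed pattern from the slide: input concatenated into the XPath."""
    return "//users/user[username='%s']/password" % username


class Authenticator:
    """Hypothetical hardened login check over the XML user store."""

    def __init__(self, xml_text):
        self.root = ET.fromstring(xml_text)
        self.failures = {}  # username -> consecutive failed attempts

    def login(self, username, password):
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return (False, GENERIC_ERROR)
        stored = None
        # Fixed query: user input is only ever compared as data, never parsed.
        for user in self.root.iterfind("./user"):
            if user.findtext("username") == username:
                stored = user.findtext("password")
                break
        # Compare even for unknown users so both failure paths behave alike.
        candidate = stored if stored is not None else ""
        ok = hmac.compare_digest(candidate.encode(), password.encode())
        if stored is not None and ok:
            self.failures.pop(username, None)
            return (True, "OK")
        self.failures[username] = self.failures.get(username, 0) + 1
        return (False, GENERIC_ERROR)
```

With this check the slide's payload is treated as an ordinary (unknown) username, and an unknown user and a wrong password produce the identical response, so the error message no longer reveals which half of the credential was wrong.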