
[WEB SECURITY] Header information



Hi All,

While doing a code review of the application, I came across a scenario in which the Id is taken from a header.

If the id is '0' then the user is Admin, else a normal user.

My doubt: Is the code below vulnerable to elevation of privilege (by changing the value to 0)?

Also, which tool can I use to cross-verify it in the browser?

I tried to change the consumerID variable using some tools, including Fiddler and a few others, but was unable to see the "consumerID" variable.

<%
// Get the consumer Id from the headers
// and render the JSP if the consumer is not an Admin

String consumerID = request.getHeader("ConsumerID");

if ((consumerID != null && !consumerID.equals("0")))
{
%>
	<jsp:doBody />
<%
}
%>

Thanks in advance

~Nik
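
An added example, not part of the original post or of the application under review: one way a server could vet the ConsumerID header before making the same render decision as the JSP above. The gateway address, the numeric ID format and the names ConsumerIdTrust, resolveRole and renderBody are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Set;

public class ConsumerIdTrust {
    // Assumption: only an upstream gateway at this address may assert ConsumerID.
    static final Set<String> TRUSTED_GATEWAYS = Set.of("10.0.0.5");

    enum Role { ADMIN, USER, UNAUTHENTICATED }

    // remoteAddr: what request.getRemoteAddr() would return.
    // values: what Collections.list(request.getHeaders("ConsumerID")) would return.
    static Role resolveRole(String remoteAddr, List<String> values) {
        // From any other peer the header is client-controlled input, not identity.
        if (!TRUSTED_GATEWAYS.contains(remoteAddr)) return Role.UNAUTHENTICATED;
        // Exactly one value: none means no identity, several means a copy was injected.
        if (values.size() != 1) return Role.UNAUTHENTICATED;
        String id = values.get(0).trim();
        // Assumption: IDs are canonical decimals, so "00" or "0x0" never reach the compare.
        if (!id.matches("0|[1-9]\\d{0,17}")) return Role.UNAUTHENTICATED;
        return id.equals("0") ? Role.ADMIN : Role.USER;
    }

    // Same decision as the JSP (body shown to non-admin consumers), on the vetted role.
    static boolean renderBody(String remoteAddr, List<String> values) {
        return resolveRole(remoteAddr, values) == Role.USER;
    }

    public static void main(String[] args) {
        // Constructed sample requests: {peer address, ConsumerID header values...}
        String[][] samples = {
            {"10.0.0.5", "42"},       // normal consumer asserted by the gateway
            {"10.0.0.5", "0"},        // admin asserted by the gateway
            {"203.0.113.9", "0"},     // header supplied directly by a client
            {"10.0.0.5", "42", "0"},  // duplicated header
            {"10.0.0.5"},             // header missing
        };
        for (String[] s : samples) {
            List<String> values = Arrays.asList(s).subList(1, s.length);
            System.out.printf("%-12s %-8s -> %s, render=%b%n", s[0], values,
                    resolveRole(s[0], values), renderBody(s[0], values));
        }
    }
}
```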



Brought to you by http://www.webappsec.org