Pwning Through HTTP Headers Manipulation Scenarios – Part1

Digging into and manipulating HTTP header values during a penetration test can help us understand how the program behaves in particular situations, so in this article I'm talking about some scenarios built on header-based attacks.
– Uploader Limitation Evasion
We know that uploaders are a key stepping stone for attackers trying to gain access with a few tricks. In this section, I'm going to review some code and introduce a few bypass techniques.
The first is an uploader that accepts only PNG files and also has protection against PHP files.

Race Condition Vulnerability on Advanced Web App Platforms

The race condition vulnerability is commonly known as a problem of multi-threading and of processing a value in real time in client-based applications.
When two threads are processing in real time (using memory that is shared between them), the fields must be managed as they are accessed so that memory access, which is quite limited, stays valid. As a web application example, the operations received for processing or transferring money in a bank could be mentioned.
The transfer and validation processes will certainly run simultaneously without interruption, so this is a good opportunity for an attacker's payload and scenarios.
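The bank example above, as an added sketch that is not code from the original article: two simultaneous requests each withdraw 100 from a balance of 100, first with validation and transfer as separate steps, then with both inside one critical section. The `Account` class, its method names and the balance are hypothetical, and an in-process lock stands in for the database transaction or row lock a real web application would use.

```python
import threading
import time


class Account:
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount, window):
        # Validation and transfer are separate steps (check-then-act).
        if self.balance >= amount:
            window()                 # gap in which a second request can run
            self.balance -= amount
            return True
        return False

    def withdraw_safe(self, amount, window):
        # Same logic, but validation and transfer form one critical section.
        # A web app would normally get this from a DB transaction or row lock.
        with self._lock:
            return self.withdraw_unsafe(amount, window)


def run_two_requests(withdraw, window):
    """Send two simultaneous requests for 100; return how many were granted."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(withdraw(100, window)))
               for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results.count(True)


def demo_unsafe():
    account = Account(100)           # constructed sample balance
    barrier = threading.Barrier(2)   # forces both requests to validate first
    return run_two_requests(account.withdraw_unsafe, barrier.wait)


def demo_safe():
    account = Account(100)
    granted = run_two_requests(account.withdraw_safe, lambda: time.sleep(0.01))
    return granted, account.balance


if __name__ == "__main__":
    print("unsafe: granted", demo_unsafe(), "withdrawals of 100 from a balance of 100")
    print("safe: (granted, balance) =", demo_safe())
```

The barrier only makes the overlap reproducible for the demonstration; in production the same window opens whenever two requests happen to arrive together.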



