本文深入探讨了Bwapp中与权限和Session管理相关的安全漏洞,包括Broken Authentication的各种情况以及Session Management的不同级别。在低级别中,讨论了HTTPOnly Cookie的设置问题,指出其可被JavaScript访问,而在中级阶段,强调了启用HTTPOnly属性以防止JavaScript访问的重要性。
Broken Authentication - CAPTCHA Bypassing,ba_captcha_bypass.php
Broken Authentication - Forgotten Function,ba_forgotten.php
Broken Authentication - Insecure Login Forms,ba_insecure_login.php
Broken Authentication - Logout Management,ba_logout.php
Broken Authentication - Password Attacks,ba_pwd_attacks.php
Broken Authentication - Weak Passwords,ba_weak_pwd.php
Session Management - Administrative Portals,smgmt_admin_portal.php
Session Management - Cookies (HTTPOnly)
级别-low
在该级别下,cookie可以在http和使用js访问。
setcookie("top_security", "no", time()+3600, "/", "", false, false);- Cookie的名称:
top_security - Cookie的值:
no
最低0.47元/天 解锁文章
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
