OP 27 March, 2020 - 08:18 AM
Hello all. First post here, hoping it is appropriate to this forum.
I am working on a web app pen test which is just a simple user login. I have one user account, and the “goal” is to try and gain access to a different user’s account, for which I have the username.
The web app is very simple. No JavaScript, super basic CSS. Two form fields for login sent via POST, neither is injectable (I’ve done a ton of manual testing, and used sqlmap a bunch of times with different options).
One GET request for logout, no parameters. No form fields after logging in. No information leaked via directories or files made available when they shouldn’t be, no errors in misconfiguration, nothing so obvious.
There is one session cookie set which is a 10-digit random number. I have been thinking this is the avenue of attack, assuming it might store and load sessions from a table, but everything I have tried to inject just gets ignored by the server. No response to attempting time delays, no error responses, nothing, and sqlmap also doesn’t find anything when testing the cookie parameter.
Stuff like XSS, CSRF, etc. isn’t relevant at the moment.
So, suggestions for what I can try? I feel like I’ve tried everything. There must be more to try but I am at the limits of my knowledge. Can anyone give me some suggestions for more techniques I can read up on and start to attempt?