-
Book Overview & Buying
-
Table Of Contents
Mastering Modern Web Penetration Testing
By :
Consider a banking web application, which transfers money to another user based on his username. The following URL is generated for the same:
https://bank.example.com/transfer/money?username=John&amount=500
So, assuming that the user is logged in and the preceding URL is received by the server of the banking application, it will generously transfer 500 dollars to the username John. Now this is perfectly okay until someone with evil intention creates a webpage with the following content and hosts it somewhere:
<html>
<head>
</head>
<body>
<img src="https://bank.example.com/transfer/money?username=Attacker&amount=2500"/>
</body>
</html>If a logged in user of the banking application views the above page, the browser will try to load the image, which actually is a URL to transfer money to the attacker with the amount 2500 dollars. In an attempt to load the image, a GET request will be sent to the server of...