Null Payload
Scenario: We want to analyze the randomness of the uid cookie value when the same user logs in repeatedly. What are the consequences if a user's uid cookie gets stolen somehow?
1. Send the login request to Intruder, and click the Clear § button to remove all payload position markings.
2. Select attack type as Sniper.
3. Navigate to the Payloads sub-tab, and select payload type as Null payloads.
4. In the Payload Options [Null payloads] section, specify the total number of requests to be made.
5. Start the attack and observe the uid values returned by the server.
6. We notice that uid is set to a constant value for a valid user. Hence, uid could be brute-forced in order to gain access to a random user's account.
7. Intercept the login request for a user, say user.
8. Change the value of uid, say from 23 to 30, and forward the request.
9. Observe the value of Logged-In-User in the response header. It says user_3 instead of user.
10. Just by changing the uid value, we could bypass the authentication mechanism and successfully log in as a random user.
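
The randomness check from steps 5 and 6, written as a script a developer can run over Set-Cookie headers collected from their own application's login responses. This is an added example, not part of the original walkthrough: the function names, the constructed sample headers and the 128-bit length threshold are assumptions, and issue_session_id shows the per-login random token that removes the weakness.

```python
import math
import secrets
from collections import Counter
from http.cookies import SimpleCookie

# Constructed sample: Set-Cookie headers from five logins as the same user,
# matching the constant uid the walkthrough observes.
OBSERVED = ["uid=23; Path=/; HttpOnly"] * 5

def issue_session_id():
    """Hardened form: a fresh 256-bit CSPRNG token for every login."""
    return secrets.token_urlsafe(32)

def extract_cookie(set_cookie_headers, name="uid"):
    """Pull the value of cookie `name` out of each Set-Cookie header."""
    values = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            values.append(jar[name].value)
    return values

def assess(values):
    """Report how predictable identifiers collected over repeated logins are."""
    if not values:
        raise ValueError("no cookie values collected")
    counts = Counter(values)
    total = len(values)
    # Shannon entropy of the observed values in bits; 0.0 means no variation.
    entropy = sum((c / total) * math.log2(total / c) for c in counts.values())
    findings = []
    if total > 1 and len(counts) == 1:
        findings.append("constant across logins")
    if all(v.isdigit() for v in values):
        findings.append("numeric and enumerable")
    if min(len(v) for v in values) < 22:  # fewer than 128 bits as base64url
        findings.append("shorter than 128 bits")
    return {"distinct": len(counts), "entropy_bits": entropy, "findings": findings}

if __name__ == "__main__":
    print("observed:", assess(extract_cookie(OBSERVED)))
    fresh = [f"uid={issue_session_id()}; Path=/; HttpOnly" for _ in range(5)]
    print("hardened:", assess(extract_cookie(fresh)))
```

The entropy figure only measures variation within the sample, so a low value is evidence of a problem while a high value on a handful of logins is not proof of a sound generator.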