Cybersecurity

User Tools

Site Tools

Trace:
tbhm:04_authorization

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
tbhm:04_authorization [2026/05/14 09:28] – converted from markdown to dokuwiki syntax drewtbhm:04_authorization [2026/05/14 09:59] (current) – integrate zseano methodology drew
Line 22: Line 22:
   * Multiple sessions allowed   * Multiple sessions allowed
   * Easily reversible cookie (base64 most often)   * Easily reversible cookie (base64 most often)
 +
 +
 +
 +===== Zseano Auth Testing =====
 +
 +**Login testing:**
 +  * Host header injection in password reset: ''Host: evil.com'' -- does reset link use evil.com?
 +  * ''myemail%00@email.com'' -- null byte truncation to real account
 +  * Redirect parameter on login/reset: ''returnUrl'', ''goto'', ''return_url'', ''back''
 +  * Mobile login vs desktop -- often different codebases
 +
 +**Session bugs:**
 +  * Old cookies not invalidated on logout
 +  * Base64-encoded cookies -- readable user data
 +  * No new session cookie on privilege change
 +
 +**Account takeover chains:**
 +  * XSS + no email change confirmation = ATO
 +  * CSRF + email change = ATO
 +  * Open redirect in OAuth = token theft = ATO
 +
 +  * [[zseano:auth_session|Full Zseano Auth Guide]]
 +  * [[zseano:escalation|Bug Chaining & Escalation]]
  
tbhm/04_authorization.1778747293.txt.gz · Last modified: by drew
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki