Software and web application security

January 12, 2007

Elevation of Privilege lowest common denominator

Filed under: penetration testing, software security, web apps — chrisweber @ 11:57 pm

Sometimes a web app EoP vulnerability is as difficult to exploit as stealing a cookie or guessing a password, and other times it’s as easy as incrementing an integer. Today I was testing another web app and modifying records belonging to other users by incrementing the recordId value… I couldn’t believe it was 2007. Luckily the fix I discussed with the devs was simple, but the application architecture had more severe systemic issues which allowed this.
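The defect described above, as an added example that is not code from the original post: a record-update handler that trusts the client-supplied recordId, beside the fixed version that ties the lookup to the server-side session user. The record store, user names and `Forbidden` exception are constructed for illustration.

```python
# Added example (not from the original post): the missing-ownership-check
# bug behind "increment recordId, edit someone else's record", and its fix.
from dataclasses import dataclass


@dataclass
class Record:
    record_id: int
    owner: str
    body: str


# Constructed sample data: two users with sequential, guessable recordIds.
RECORDS = {
    1: Record(1, "alice", "alice's note"),
    2: Record(2, "bob", "bob's note"),
}


class Forbidden(Exception):
    """Raised when the session user does not own the requested record."""


def update_record_vulnerable(session_user: str, record_id: int, new_body: str) -> Record:
    # Bug: the handler authenticates the user (session_user is known) but
    # authorises nothing. The recordId comes straight from the request, so
    # any logged-in user can modify any record by changing the integer.
    rec = RECORDS[record_id]
    rec.body = new_body
    return rec


def update_record_fixed(session_user: str, record_id: int, new_body: str) -> Record:
    # Fix: the lookup is keyed by (owner, record_id) where owner is taken
    # from the server-side session, never from the request. A record the
    # caller does not own is treated exactly like one that does not exist,
    # so the response leaks nothing about other users' ids.
    rec = RECORDS.get(record_id)
    if rec is None or rec.owner != session_user:
        raise Forbidden(f"{session_user} may not modify record {record_id}")
    rec.body = new_body
    return rec


def try_update(handler, session_user: str, record_id: int, new_body: str) -> bool:
    # Test helper: True if the handler allowed the write, False if it refused.
    try:
        handler(session_user, record_id, new_body)
        return True
    except Forbidden:
        return False
```

An authorisation test like `try_update` run against every write endpoint with a second user's record is the quickest way to catch this class of bug before a pentester does.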
