Hello and welcome to the Cybrary secure coding course. My name is Sonny Wear, and this is the OWASP Top 10 for 2013, A2 Broken Authentication and Session Management, demo: cookie manipulation.
This is the demo for cookie manipulation. So the first thing we're going to do is make sure we're not logged into the application. We can use an add-on for Firefox called Cookie Manager to display any cookies that are currently in our browser.
Now, we don't have any right now, so this is good. We have a clean start.
I'm going to go ahead and log into the application. Actually, I'm going to turn on Burp Suite first.
And when I take a look at Burp Suite, I'm going to go ahead and forward this so that my cookie gets assigned.
And one thing that you'll note is we've got a cookie that's been set for the session. That's the cookie right there.
And then we also have a cookie for UID, which is a number.
So if we take a look at that in the Cookie Manager, we can see the four cookies here. So that was the session ID that we saw in Burp Suite, but of note is this UID. So it looks like the UID for my account is the number 24.
Okay, so what we want to do is we want to see if the application code actually assigns a unique, securely random number for this UID, and how we can do that is we could actually edit this.
Let's change it to 12.
And so we actually changed to a completely different user.
So that lets me know that the application code doesn't have any kind of random primary key that's being used there; it's just incrementally creating the number and assigning it to every new user.
elevate my privileges, I could probably guess that the first accounts ever created in this application were root or admin or something like that. And so the number's probably going to be very low. So why don't we try
And sure enough, we are now admin.
So the problem here, of course, is that when setting your cookies, when setting unique identifiers for your clients, you must make sure that those cookies are not predictable.
You need to have them securely randomly generated, either from a random number generator or from a database.
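As an added example, not code from the course or from the demo application, the following Python models the two designs the demo contrasts: a server that trusts a client-supplied, sequentially assigned `uid` cookie, and a server that issues an opaque session token from the OS CSPRNG (`secrets.token_urlsafe`) and keeps the user id in a server-side table. The `USERS` table, the user names, and the `SessionStore`, `current_user_insecure`, `is_sequential` and `demo` helpers are all constructed for illustration and are not part of the original page.

```python
import hashlib
import secrets
from typing import Dict, Iterable, Optional

# Constructed user table standing in for the demo application's accounts (hypothetical).
USERS = {1: "admin", 12: "alice", 24: "bob"}


def current_user_insecure(cookies: Dict[str, str]) -> Optional[str]:
    """The pattern shown in the demo: the client-supplied 'uid' cookie is
    trusted as the identity, so editing the number selects a different account."""
    try:
        uid = int(cookies.get("uid", ""))
    except ValueError:
        return None
    return USERS.get(uid)


class SessionStore:
    """Server-side session table keyed by an unpredictable opaque token.

    The cookie carries only the random token; the user id never leaves the
    server, so editing or guessing the cookie value cannot pick another user."""

    TOKEN_BYTES = 32  # 256 bits of entropy drawn from the OS CSPRNG

    def __init__(self) -> None:
        # Keyed by a hash of the token so a leaked table does not yield live sessions.
        self._sessions: Dict[str, int] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, uid: int) -> str:
        """Issue a new session for uid and return the token to set as the cookie."""
        token = secrets.token_urlsafe(self.TOKEN_BYTES)
        self._sessions[self._key(token)] = uid
        return token

    def resolve(self, cookies: Dict[str, str]) -> Optional[str]:
        """Map the 'session' cookie back to a user name, or None if unknown."""
        token = cookies.get("session", "")
        uid = self._sessions.get(self._key(token))
        return USERS.get(uid) if uid is not None else None

    def destroy(self, token: str) -> None:
        """Invalidate a session (logout)."""
        self._sessions.pop(self._key(token), None)


def is_sequential(ids: Iterable[str]) -> bool:
    """The check the demo performs by hand: do the identifiers look like an
    incrementing counter? True only if every value parses as an integer and
    the sorted values step by exactly one."""
    try:
        values = sorted(int(v) for v in ids)
    except ValueError:
        return False
    if len(values) < 2:
        return False
    return all(b - a == 1 for a, b in zip(values, values[1:]))


def demo() -> Dict[str, Optional[str]]:
    """Replay the demo's cookie edit (24 -> 12) against both designs."""
    result: Dict[str, Optional[str]] = {}
    # Insecure: the edited cookie simply becomes the other user.
    result["insecure_before"] = current_user_insecure({"uid": "24"})
    result["insecure_after"] = current_user_insecure({"uid": "12"})

    # Hardened: a tampered token no longer resolves to anyone.
    store = SessionStore()
    token = store.create(24)
    tampered = token[:-1] + ("A" if token[-1] != "A" else "B")
    result["secure_before"] = store.resolve({"session": token})
    result["secure_after"] = store.resolve({"session": tampered})
    result["secure_guess"] = store.resolve({"session": "12"})
    return result


if __name__ == "__main__":
    for name, user in demo().items():
        print(f"{name}: {user}")
```

Two design points are worth noting: the token is looked up by its SHA-256 hash so that a database dump does not hand out usable sessions, and the user id lives only in the server-side table, which is what makes the cookie value meaningless to edit. A session id that is random but still encodes the account number in the clear would fail the demo's test just as the incrementing UID does.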