Sam Bowne

Vulnerable Token Examples

1. Not Encoded

Log In:

Username: Password:

Goal: log in as admin

alert(document.cookie)

2. HTTP Only and Secure

Log In:

Username: Password:

Goal: log in as admin

alert(document.cookie)

alert(1)

3. Encrypted with DES-ECB

Log In:

Username: Password:

Goal: log in with uid=1

4. Encrypted with DES-ECB

Log In:

Username: Password:

Goal: log in with a non-zero numerical uid other than 10005

5. Encrypted with DES-CBC

Log In:

Username: Password:

Goal: log in with a non-zero numerical uid other than 10005


Last modified: 10-18-16 11:41 am