The EuroSTAR Blog

Oops... I just stole your password

02 September 2010 by Teemu Vesala

Hmh... wrong password, so I submit it again. And now my password has been stolen. Why?

I call myself an evil tester. To many people that sounds like a negative term, but I think it describes my testing style very well. An evil tester is not evil towards people, but towards software. He also knows how criminals could take advantage of software problems.

For example, I have found a lack of validation on a redirect URL. Such an issue is quite common at login, because it is a good idea to redirect the user back to the previous page after a successful login. But if the URL is not validated, an evil person can redirect the user to some other page. That doesn't sound bad, right?

What if the destination page looks just like the normal login page, with a message about an unsuccessful login like the one above? How many would notice that the URL had the wrong domain? Would you have noticed it during a normal login? The evil tester knows how to take advantage of the weakness. And tells about it.
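The weakness described above is a login handler that forwards the browser to whatever the redirect parameter names. Below, as an added example that is not the author's code, the unvalidated pattern sits beside a validator that only ever sends the user to a path on the site's own host; the hostname shop.example, the default landing page and the function names are assumptions made for the example:

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed values for the example: the site's own hostname and the page
# users land on when no safe "next" target is available.
SITE_HOST = "shop.example"
DEFAULT_LANDING = "/account"


def vulnerable_redirect_target(next_param):
    """The unvalidated pattern: whatever ?next= says is sent to the browser.

    A link such as login?next=http://evil.example/login therefore lands a
    user who just authenticated (or mistyped a password) on a foreign page.
    """
    return next_param or DEFAULT_LANDING


def safe_redirect_target(next_param):
    """Return a redirect target that stays on SITE_HOST, else DEFAULT_LANDING."""
    if not next_param:
        return DEFAULT_LANDING

    # Browsers treat a backslash like a forward slash, so "/\evil.example"
    # would become "//evil.example" (a protocol-relative URL) on the client.
    candidate = next_param.replace("\\", "/")

    # Control characters and whitespace are rejected before parsing; urlsplit
    # silently strips some of them, which could hide a second URL.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return DEFAULT_LANDING

    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return DEFAULT_LANDING

    if parts.netloc:
        # Absolute URL: accept only https to our own host, with no userinfo
        # ("https://shop.example@evil.example/" has hostname evil.example).
        if parts.scheme != "https":
            return DEFAULT_LANDING
        if parts.username is not None or parts.password is not None:
            return DEFAULT_LANDING
        if parts.hostname != SITE_HOST or port not in (None, 443):
            return DEFAULT_LANDING
        return urlunsplit(("https", SITE_HOST, parts.path or "/", parts.query, ""))

    # No network location: must be a plain absolute path with no scheme
    # ("javascript:alert(1)" parses as scheme "javascript").
    if parts.scheme or not parts.path.startswith("/"):
        return DEFAULT_LANDING
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    for raw in ["/account/orders?page=2", "//evil.example/login",
                "http://evil.example/login", "https://shop.example@evil.example/",
                "/\\evil.example", "javascript:alert(1)"]:
        print(f"{raw!r:45} -> {safe_redirect_target(raw)}")
```

The rebuild through urlunsplit matters as much as the checks: the value echoed into the Location header is assembled from the parsed pieces, so nothing that the checks did not look at (a fragment, a stray userinfo) survives into the response.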


Comments for "Oops... I just stole your password"

  1. Hessy Says:
    Wow! Great thinking! JK
