Unauthorized access test - business security test practice (9)


 Unauthorized access test

 Test Principles and Methods

Unauthorized access means that a user can directly open pages or text information that should require authentication, without ever being authorized. After logging in to the front end or back end of a website, you can try copying the links of the relevant pages into another browser or onto another computer and observe whether the access succeeds.

 Testing process

An attacker logs in to an application and opens a page that requires authentication, then switches to a different browser and requests the same page again. If the attacker can still access the page, an unauthorized access vulnerability exists, as shown in the figure.


Take the payment and recharge function of a website as an example.
Step 1: Log in to the website in the IE browser and pay the fee, as shown in the figure.

Step 2: Copy the URL of the successful payment page and open it in the Firefox browser; it is accessed successfully, as shown in the figure.

 Repair suggestion


Unauthorized access can be understood as follows: an address that should require security configuration or an authorization check has defects in its authorization logic, so other users can reach it directly. This can expose sensitive information and functions, such as operations that need elevated permissions, database contents and the website directory. Therefore, unauthorized access pages Do Sessi
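The "copy the URL into another browser" check from the testing process above, together with the session-based fix the repair suggestion calls for, as an added example that is not part of the original post. It models a payment-result page with an in-memory session store; `SESSIONS`, `ORDERS`, the handler names and the sample order are all constructed assumptions.

```python
# Added example (not from the original post): a payment-result page in a
# vulnerable form beside a hardened form, plus the "fresh browser" check.
# All names and sample data below are hypothetical/constructed.
from dataclasses import dataclass, field
import secrets

SESSIONS: dict[str, str] = {}                        # session id -> user id
ORDERS = {"1001": {"owner": "alice", "amount": 50}}  # constructed sample order


@dataclass
class Request:
    path: str
    query: dict
    cookies: dict = field(default_factory=dict)  # a new browser sends no cookies


def login(user: str) -> str:
    """Create a server-side session and return the cookie value."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = user
    return sid


def vulnerable_payment_result(req: Request) -> tuple[int, str]:
    # Only checks that the order exists; anyone who obtains the link can view it.
    order = ORDERS.get(req.query.get("order"))
    if order is None:
        return 404, "no such order"
    return 200, f"paid {order['amount']} for {order['owner']}"


def hardened_payment_result(req: Request) -> tuple[int, str]:
    # Requires a valid session AND that the order belongs to the session's user.
    user = SESSIONS.get(req.cookies.get("sid", ""))
    if user is None:
        return 401, "login required"
    order = ORDERS.get(req.query.get("order"))
    if order is None or order["owner"] != user:
        return 403, "forbidden"  # same answer whether the order is missing or foreign
    return 200, f"paid {order['amount']} for {order['owner']}"


def copy_url_check(handler, path: str, query: dict) -> bool:
    """The test from the post: request the copied link from a browser that has
    no session cookie. Returns True if the page is exposed (HTTP 200)."""
    status, _ = handler(Request(path, query))
    return status == 200
```

`copy_url_check` can be pointed at each protected route as a regression test, so a route that later drops its session check fails the build instead of shipping.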


Origin blog.csdn.net/luozhonghua2014/article/details/131239363