Bypassing Authentication Schema

Examples

  • Try to access a page that is normally shown only when authenticated by requesting its URL directly.
  • Try changing parameter values, like http://www.site.com/page.asp?authenticated=no to http://www.site.com/page.asp?authenticated=yes
  • If the session cookie value is predictable (linear), try guessing the next value.
  • Try a SQL injection in the login form.
  • Try using infrastructure-specific vulnerabilities, like phpBB 2.0.13 – Authentication Bypass Vulnerability.
  • Access admin panels or protected resources with Host Header Injection (WSTG-INPV-17).
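
The first three checks above, seen from the application side, as an added example (not from the original page): a check that trusts the authenticated parameter, beside one that relies only on a server-side session with an unpredictable ID. The request model (plain dicts for query parameters and cookies) and all function names are hypothetical.

```python
import secrets

# Constructed model: a request is a dict of query parameters plus a dict of cookies.
# All names here (SESSIONS, login, weak_is_authenticated, ...) are hypothetical.

SESSIONS = {}  # server-side session store: session id -> username


def login(username):
    """Create a session once credentials have been verified elsewhere."""
    # 32 bytes from the OS CSPRNG, not a counter or timestamp, so observing
    # one session id says nothing about the next one.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid


def logout(sid):
    """Invalidate the session on the server, not just in the browser."""
    SESSIONS.pop(sid, None)


def weak_is_authenticated(query, cookies):
    """Flawed: the decision rests on a value the client controls."""
    return query.get("authenticated") == "yes"


def is_authenticated(query, cookies):
    """Hardened: only server-side session state decides; query is ignored."""
    return cookies.get("session", "") in SESSIONS


def protected_page(query, cookies, check):
    """Each protected page runs the check itself, so a direct URL request
    gets the same answer as a request that came through the login form."""
    if not check(query, cookies):
        return 401, "login required"
    return 200, "account page"
```
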