Examples
- Try to access a page directly by its URL (a page that is normally shown only after authentication).
- Try changing parameter values, for example from http://www.site.com/page.asp?authenticated=no to http://www.site.com/page.asp?authenticated=yes.
- If the session cookie value is predictable (linear), try guessing the next value.
- Try a SQL injection in the login form.
- Try using infrastructure-specific vulnerabilities, like phpBB 2.0.13 – Authentication Bypass Vulnerability.
- Access admin panels or protected resources with Host Header Injection (WSTG-INPV-17).
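The direct-URL, parameter-tampering and predictable-cookie checks above, seen from the application side, as an added example that is not part of the original page: a check that trusts the `authenticated` parameter beside one that consults only server-side session state, plus an audit helper for counter-like session values. The session store, function names and sample tokens are constructed assumptions.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

SESSIONS = {}               # server-side store: token -> user (hypothetical)
PROTECTED = {"/page.asp"}   # paths that require authentication


def new_session(user):
    """Issue an unpredictable token from the OS CSPRNG, never a counter."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token


def weak_check(url, cookies):
    """Weak: trusts a client-controlled query parameter."""
    query = parse_qs(urlsplit(url).query)
    return query.get("authenticated", ["no"])[0] == "yes"


def hardened_check(url, cookies):
    """Hardened: only a token found in the server-side store counts."""
    return cookies.get("session") in SESSIONS


def handle(url, cookies, check):
    """Return an HTTP status; the check runs on every protected path."""
    if urlsplit(url).path in PROTECTED and not check(url, cookies):
        return 401
    return 200


def looks_sequential(tokens):
    """Audit helper: True if numeric tokens differ by a constant step."""
    try:
        values = [int(t) for t in tokens]
    except ValueError:
        return False  # non-numeric tokens are not a simple counter
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(values) > 2 and len(steps) == 1
```

Running `looks_sequential` over a sample of tokens issued by your own application is a quick regression check that session identifiers never fall back to a counter.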