Proposing SQL Statement Coverage Metrics: Difference between revisions



<code>$_COOKIE['role']</code> reads the value of the cookie named "role" that the browser sent with the request. The web application provides one set of content for users with the administrator role and another set for those with the employee role. If the role parameter is anything else (or absent), the user is redirected to <code>authrequired.html</code>, which presumably tells the user that authentication is required to access the requested page. The vulnerability stems from the fact that a cookie is client-side state: the browser usually keeps it in a text file on the user's machine, and the user can edit that file, change the value in the browser's developer tools, or simply send an arbitrary <code>Cookie:</code> header with a tool such as curl. The attacker need only inspect the cookie, see that there is a parameter named "role", and guess a plausible value; "admin" is a reasonable first guess. If the guess is right, the server serves administrator content to a user who was never authorized to view it, and the system has been exploited. The underlying mistake is that the server trusts the client to report its own role: the role must instead come from server-side state established at login (a session), or, at minimum, the cookie must be signed so that tampering is detected.
  <?php
  // Deliberately vulnerable: the role is taken from a client-controlled cookie.
  // (If no "role" cookie was sent, PHP emits an undefined-index notice here.)
  if ($_COOKIE['role'] == 'admin')
  {
    //give admin access
  }
  else if ($_COOKIE['role'] == 'employee')
  {
    //give employee access
  }
  else
  {
    //no role or unrecognizable role,
    //redirect to an error page.
    header("Location: authrequired.html");
    exit; // stop here, otherwise the rest of the script still runs after the redirect
  }
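The following is an added example, not code from the original page: it places the cookie-trusting check above beside two hardened alternatives, one that looks the role up in server-side session state and one that signs the cookie with an HMAC so an edited value fails verification. The function names, the in-memory session store, the session id and the signing key are all assumptions made for this illustration; in a real application the store is PHP's session handler and the key comes from server configuration, never from source.

```php
<?php
// Added example (not from the original page). Names, the fake session store
// and the signing key below are assumptions made for this illustration.

// Vulnerable: the role is read straight from a client-controlled cookie.
function role_from_cookie(array $cookie): string
{
    $role = $cookie['role'] ?? '';   // '??' avoids the undefined-index notice
    if ($role == 'admin') {
        return 'admin access';
    } elseif ($role == 'employee') {
        return 'employee access';
    }
    return 'redirect: authrequired.html';
}

// Hardened: the role lives server-side, keyed by an opaque session id that is
// issued only after a real login. The client may change the session cookie,
// but it cannot change what the server has recorded for a given id.
function role_from_session(array $cookie, array $sessionStore): string
{
    $sid = $cookie['PHPSESSID'] ?? '';
    if (!isset($sessionStore[$sid])) {
        return 'redirect: authrequired.html';
    }
    $role = $sessionStore[$sid]['role'];
    if ($role === 'admin') {          // strict comparison, no type juggling
        return 'admin access';
    } elseif ($role === 'employee') {
        return 'employee access';
    }
    return 'redirect: authrequired.html';
}

// Alternative when state must stay in the cookie: sign it with an HMAC so a
// tampered value fails verification. The key is a placeholder for this demo.
const COOKIE_KEY = 'replace-with-a-random-key-from-server-config';

function issue_signed_role(string $role): string
{
    return $role . '.' . hash_hmac('sha256', $role, COOKIE_KEY);
}

function role_from_signed_cookie(array $cookie): ?string
{
    $parts = explode('.', $cookie['role'] ?? '', 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$role, $mac] = $parts;
    // hash_equals compares in constant time, so the check does not leak the MAC.
    return hash_equals(hash_hmac('sha256', $role, COOKIE_KEY), $mac) ? $role : null;
}

// --- Demonstration with constructed input (no real browser or server) ---

// Attacker edits the cookie file or header: role=admin, no login ever happened.
$forged = ['role' => 'admin'];
echo "vulnerable: ", role_from_cookie($forged), PHP_EOL;

// The same forged cookie against the session-based check: no server record, denied.
$sessions = ['a1b2c3' => ['role' => 'employee']];   // constructed: issued at login
echo "session:    ", role_from_session($forged, $sessions), PHP_EOL;

// A genuine session id from the store is honoured as expected.
echo "session:    ", role_from_session(['PHPSESSID' => 'a1b2c3'], $sessions), PHP_EOL;

// Signed cookie: the issued value verifies, the edited one does not.
$signed = issue_signed_role('employee');
var_dump(role_from_signed_cookie(['role' => $signed]));
$tampered = 'admin.' . explode('.', $signed, 2)[1];   // keep the MAC, change the role
var_dump(role_from_signed_cookie(['role' => $tampered]));
```

Run it with <code>php example.php</code>: the first line shows the forged cookie granting administrator content, the session-based check sends the same request to <code>authrequired.html</code>, and the signed-cookie check returns <code>"employee"</code> for the issued value and <code>NULL</code> for the edited one. The session approach is the preferred fix because it keeps the role entirely off the client; the signed cookie only detects tampering and still exposes the role name to the user.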
<center>


== 9. References ==