bWAPP: Vulnerabilities Related to Permissions and Session Management

Broken Authentication - CAPTCHA Bypassing,ba_captcha_bypass.php
Broken Authentication - Forgotten Function,ba_forgotten.php
Broken Authentication - Insecure Login Forms,ba_insecure_login.php
Broken Authentication - Logout Management,ba_logout.php
Broken Authentication - Password Attacks,ba_pwd_attacks.php
Broken Authentication - Weak Passwords,ba_weak_pwd.php
Session Management - Administrative Portals,smgmt_admin_portal.php


Session Management - Cookies (HTTPOnly)

Level: low

At this level, the cookie can be accessed over HTTP and from JavaScript.


 setcookie("top_security", "no", time()+3600, "/", "", false, false);
  1. Cookie name: top_security
  2. Cookie value: no
  3. C
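
The call above passes false for both the sixth (secure) and seventh (httponly) arguments of PHP's setcookie(). The following is an added example, not code from the original post or from bWAPP: it checks Set-Cookie response headers for those two flags. The sample header strings and the function names are constructed for illustration.

```python
# Added example: sample headers are constructed, not captured from bWAPP.
LOW = "top_security=no; expires=Thu, 01 Jan 2026 00:00:00 GMT; Max-Age=3600; path=/"
HARDENED = "top_security=no; Max-Age=3600; path=/; Secure; HttpOnly"
# The value merely contains the word "HttpOnly"; the flag itself is absent.
TRICKY = "note=HttpOnly; Path=/; SECURE"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_flags(header):
    """Return which of HttpOnly / Secure the cookie lacks."""
    _, _, attrs = parse_set_cookie(header)
    return [flag for flag in ("HttpOnly", "Secure") if flag.lower() not in attrs]


def audit(headers):
    """Map cookie name -> missing flags, for cookies that lack at least one."""
    report = {}
    for header in headers:
        name = parse_set_cookie(header)[0]
        missing = missing_flags(header)
        if missing:
            report[name] = missing
    return report


if __name__ == "__main__":
    for cookie, flags in audit([LOW, HARDENED, TRICKY]).items():
        print(f"{cookie}: missing {', '.join(flags)}")
```

Parsing the attributes instead of searching the raw header for "HttpOnly" avoids a false pass when the cookie value itself contains that word.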
