Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?
Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:
POST /login.aspx HTTP/1.1
Host: comptia.org
Content-type: text/html

txtUsername=ann&txtPassword=ann&alreadyloggedln=false&submit=true
Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?
A. Remove all of the post data and change the request to /login.aspx from POST to GET
B. Attempt to brute force all usernames and passwords using a password cracker
C. Remove the txtPassword post data and change alreadyloggedln from false to true
D. Remove the txtUsername and txtPassword post data and toggle submit from true to false
Answer: C
Explanation:
The text "txtUsername=ann&txtPassword=ann" is an attempted login with a username of "ann" and a password of "ann".
The text "alreadyloggedln=false" tells the server that Ann is not already logged in.
To test whether we can bypass the authentication, we attempt the login without the password and change alreadyloggedln from false to true, to see whether the server accepts that client-supplied value in place of a real credential check. If we are able to log in, then we have bypassed the authentication check.
Incorrect Answers:
A: GET /login.aspx would just return the login form. This does not test whether the website is susceptible to a simple authentication bypass.
B: We do not want to guess the usernames and passwords. We want to see if we can get into the site without authentication.
D: We need to submit the data, so we cannot toggle submit from true to false.