Question on IronWASP's Privilege Test Center

Pramod Ch

Mar 27, 2017, 6:01:22 AM
to ironwasp
Hi IronWASP team,

I am using IronWASP to do testing in the category "Automatically Testing for Privilege Escalation Vulnerabilities using IronWASP".

I followed the steps presented in the above video to test our web application.


session id of RO user = QIigImMYkavwLElshumSpsxniyjMxQVPbFVJRjjcLEywilrRFDlVxJKFJwrgmOVnWsyNdHrqlPN

session id of RW user = bTBLtmmQSRZqsSGdqmyQkNcnsRCpMuxNnAajMOZhFBxAtGfJSfzdSdSkxWbLqzagZapoqQXxruX

But when doing this test, IronWASP is sending the changed request with a new session id, not with the RO user's session id. The new session id is as below.

session id seen in the changed request = TZyWnrlWSdHPvsEueLkImmzLMVsiUnyNPWlcQwZIziZxADtgQDOEQnqCKIngxLvOjGRZFsjGAiF


As per the test procedure, the changed request should be sent out with the session id of the RO user, not a new session id. Is there any setting to do this?

The tool version used is 0.9.8.6.

Thanks in advance.


Regards
Pramod
