How would you compromise this system, which relies on cookie-based security?

Pearls Productions, an e-commerce website (http://www.pearl-productions-shop.com), uses a cookie to keep a user session active once a user has logged in. When a user successfully logs in to the application, a cookie containing the user ID is sent to the client, and the server refers to this cookie when the user requests certain functions, to make sure that the user has certain rights.
How would you compromise this system, which relies on cookie-based security?


A. Delete the cookie and reestablish connection to the server and access higher level privileges

B. Intercept the communication between the client and the server and change the cookie to make the server believe that there is a user with higher privileges

C. Brute force the encryption used by the cookie and replay it back to the server

D. Inject the cookie ID into the web URL and connect back to the server
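The design weakness in this scenario is that the server trusts a user ID held by the client. The following is an added example, not part of the original question, contrasting that check with a cookie carrying an HMAC tag the server verifies; the secret key, user IDs and role table are constructed for illustration.

```python
import hashlib
import hmac

# Constructed server-side secret and role table, for this example only.
SECRET_KEY = b"example-only-secret-key"
ROLES = {"1001": "customer", "1": "admin"}


def role_from_plain_cookie(cookie):
    """Weak design from the scenario: the cookie is just the user ID."""
    return ROLES.get(cookie)


def _tag(user_id):
    """HMAC-SHA256 over the user ID, keyed with a secret only the server holds."""
    return hmac.new(SECRET_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def issue_signed_cookie(user_id):
    """Hardened form: the cookie value is '<user_id>.<tag>'."""
    return f"{user_id}.{_tag(user_id)}"


def role_from_signed_cookie(cookie):
    """Return the role only if the tag matches; otherwise reject the cookie."""
    user_id, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag present at all
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(tag.encode(), _tag(user_id).encode()):
        return None  # value was altered after the server issued it
    return ROLES.get(user_id)


if __name__ == "__main__":
    # Plain cookie: whatever ID arrives is believed.
    print(role_from_plain_cookie("1001"), role_from_plain_cookie("1"))
    # Signed cookie: an edited ID no longer matches its tag.
    good = issue_signed_cookie("1001")
    edited = "1." + good.split(".", 1)[1]
    print(role_from_signed_cookie(good), role_from_signed_cookie(edited))
```

The tag only detects modification; an unmodified cookie captured in transit is still valid, so it should also be sent over HTTPS only with the `Secure` and `HttpOnly` attributes set.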





mr_tienvu


I choose B