Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
The auth bypass was actually quite simple: a particular code path creates a valid session without requiring previous authentication.
This can be used to create an administrative session by adding a cookie: username=admin. The result is a complete administrative and authorization bypass.
Why did this happen? Likely because the same code path was not used for all pieces of authorization. Modularity is quite important in terms of security! If authorization is implemented 10 different ways, it is very unlikely that all of them were done correctly.
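The pattern described above, next to a version where every handler goes through one shared check. This is an added example, not code from the original article or the affected product; the function names, the in-memory stores and the sample account are all hypothetical and constructed for illustration.

```python
import hashlib, hmac, secrets

# Constructed sample data: one account, password stored as a salted PBKDF2 hash.
_SALT = secrets.token_bytes(16)

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USERS = {"admin": _kdf("correct horse battery staple")}
SESSIONS = {}  # server-side state: session token -> username

def login(username, password):
    """The only code path that is allowed to create a session."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _kdf(password)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def vulnerable_handler(cookies):
    """Flawed pattern: a side path builds a session from a client-supplied cookie."""
    user = cookies.get("username")      # value chosen entirely by the client
    if user:
        SESSIONS[secrets.token_urlsafe(32)] = user  # no prior authentication
        return f"200 welcome {user}"
    return "401"

def current_user(cookies):
    """Single authorization check shared by every handler."""
    return SESSIONS.get(cookies.get("session", ""))

def hardened_handler(cookies):
    user = current_user(cookies)        # the username cookie is never consulted
    return f"200 welcome {user}" if user else "401"
```

With one `current_user` function there is a single place to review and test, instead of one check per handler.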