OWASP Forward Exploit Tool Project
Welcome to the Forward Exploit Tool Project
This project is intended to develop a tool to exploit the OWASP Top Ten 2010 - A10: Unvalidated Redirects and Forwards vulnerability, focused on unvalidated "forwards".
The main reason for the Forward Exploit Tool is that there is no tool for this, as far as I know. On the other hand, I have seen this problem in several applications that I have analysed recently; besides, this problem has been included in the recent OWASP Top Ten 2010.
Overview
Unvalidated forwards can be used to bypass access controls, whether application-specific or standard. An automated tool has difficulty exploiting application-specific cases, but it can work well in standard situations.
So the focus is standard access control in Java applications, such as the restricted directory /WEB-INF. All deployed application files sit below this directory: binary/compiled files, configuration, etc. In Java, compiled files (.class) can easily be decompiled to recover the source code.
The impact: compromise of all files, including source code and hard-coded information (credentials, SQL statements, IP addresses, etc.). This is a high/critical impact.
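The following is an added illustration of the vulnerable pattern described above beside a hardened version; it is example code, not part of this project's tool, and the view names in the allowlist are hypothetical.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Vulnerable pattern: the "page" parameter goes straight into
// RequestDispatcher.forward(). The container only blocks *client* requests for
// /WEB-INF; a server-side forward to a resource under /WEB-INF (web.xml,
// compiled classes) is honoured and the file is written to the response.
class VulnerableForwardServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.getRequestDispatcher(req.getParameter("page")).forward(req, resp);
    }
}

// Hardened pattern: resolve the parameter through a fixed allowlist of views
// so no client-controlled string ever becomes a dispatcher path.
class SafeForwardServlet extends HttpServlet {
    // Hypothetical view names; the real application defines its own.
    private static final Map<String, String> VIEWS = Map.of(
            "home", "/home.jsp",
            "help", "/help.jsp");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String view = VIEWS.get(req.getParameter("page"));
        if (view == null) {
            // Log the rejected value: repeated misses on this parameter are a
            // useful detection signal for probing of the forward target.
            log("rejected forward target: " + req.getParameter("page"));
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        req.getRequestDispatcher(view).forward(req, resp);
    }
}
```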
How it works
TBD
Download