URL validation or redirection testing?
In websites like (banking, or B2C, B2B), when I change the URL (add /n, ", ', parameter manipulation), how does the web application or website act regarding these attacks?
2. Is any good business rule or use case available for URL validation or redirection?
I appreciate your valuable suggestions regarding these attack techniques.
Re: URL validation or redirection testing?
Here is one example.
Use the forum site... after login...
this is this forum site URL; now change the Number=438799 to Number=438979 and see...
The page will be a different one...
Now think: a site has a user information page, where for every user ID we have a different page, provided that the user must log in to view his/her own ID information. Suppose you are a valid user and, by doing the above-mentioned example, you are able to see another user's details; then it's a kind of URL manipulation testing you could do.
Here the page should get redirected to login or to a page with a message that you are not a valid user to view the information, or else the page should display only your information even though you entered any details, if the application has a security measure.
At times the page is designed with encoding... For that also we can try different combinations of characters and try for the same.
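
Added example, not part of the original posts: a server-side check of the kind the reply describes, where a changed `Number` value leads to the login page, a refusal, or the requester's own data only. The `/profile` path, the user names, the `PROFILES` store and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: record id -> owner and private details.
PROFILES = {
    "438799": {"owner": "alice", "details": "alice's details"},
    "438979": {"owner": "bob", "details": "bob's details"},
}


def handle_profile_request(url, session_user):
    """Return (status, body_or_location) for a request to a hypothetical /profile page."""
    # Not logged in: send to the login page before looking at any parameter.
    if session_user is None:
        return 302, "/login"

    # parse_qs percent-decodes, so encoded characters (%0a, %27, ...) are
    # validated in their decoded form, not as harmless-looking text.
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("Number", [])

    # Exactly one value, ASCII digits only. Quotes, newlines and repeated
    # parameters are rejected here instead of reaching the data layer.
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        return 400, "invalid request"

    # Authorization is decided from the session, never from the URL alone.
    # Unknown ids and other users' ids get the same answer, so the response
    # does not reveal which ids exist.
    profile = PROFILES.get(values[0])
    if profile is None or profile["owner"] != session_user:
        return 403, "You are not authorised to view this information"
    return 200, profile["details"]


def tampering_report(session_user, own_id, candidates):
    """Test helper: request each tampered value and list any that leak foreign data."""
    own = PROFILES[own_id]["details"]
    leaks = []
    for value in candidates:
        status, body = handle_profile_request("/profile?Number=" + value, session_user)
        if status == 200 and body != own:
            leaks.append(value)
    return leaks


if __name__ == "__main__":
    tampered = ["438979", "438979%0a", "438799'", "438799%22", "438799&Number=438979"]
    print(tampering_report("alice", "438799", tampered))
```

An empty list from `tampering_report` is the pass condition for this test case: no tampered value returned another user's details.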