We have spent some time discussing how different authentication mechanisms work in web applications. In this section, you will learn how to identify and exploit some of the most common security failures in them.
Common authentication flaws in web applications
Lack of authentication or incorrect authorization verification
In the previous chapter, you saw how to use DIRB and other tools to find directories and files that may not be referenced by any page on the web server or that may contain privileged functionality, such as /admin and /user/profile. If you are able to browse directly to those directories and use the functionality within them without having to authenticate, or if being authenticated as a standard user, you...