Sam Bowne

Vulnerable Token Examples

1. Not Encoded

Log In:

Username: Password:

Goal: log in as admin

alert(document.cookie)

2. HTTP Only and Secure

Log In:

Username: Password:

Goal: log in as admin

alert(document.cookie)

alert(1)

3. Encrypted with DES-ECB

Log In:

Username: Password:

Goal: log in with uid=1

4. Encrypted with DES-ECB

Log In:

Username: Password:

Goal: log in with a non-zero numerical uid other than 10005


Updated 6-13-2020