Skip to content

Commit

Permalink
[FIX] Add shasum command
Browse files Browse the repository at this point in the history
  • Loading branch information
rafaveira3 authored Feb 4, 2019
1 parent 33ca29d commit 4cfb66b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions owasp-top10-2017-apps/a2/saidajaula-monster/docs/ATTACK.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ Knowing how the cookie is being generated, a malicious user could create his own
<img src="attack5.png"/>
</p>

It is also possible to generate this cookie from terminal using `base64` command:
It is also possible to generate this cookie from terminal using `shasum` command:

```sh
echo '{"permissao": 1, "username": "daniel"}' | base64
echo -n '{"permissao": 1, "username": "daniel"}' | shasum -a 256
```

After that, the attacker needs to concatenate the cookie's fields and the hash, separated by a dot. As shown by the following image:
Expand Down

0 comments on commit 4cfb66b

Please sign in to comment.