diff --git a/owasp-top10-2017-apps/a2/saidajaula-monster/docs/ATTACK.md b/owasp-top10-2017-apps/a2/saidajaula-monster/docs/ATTACK.md index f406ebe77..a896b6ebd 100644 --- a/owasp-top10-2017-apps/a2/saidajaula-monster/docs/ATTACK.md +++ b/owasp-top10-2017-apps/a2/saidajaula-monster/docs/ATTACK.md @@ -50,10 +50,10 @@ Knowing how the cookie is being generated, a malicious user could create his own

-It is also possible to generate this cookie from terminal using `base64` command: +It is also possible to generate this cookie from terminal using `shasum` command: ```sh -echo '{"permissao": 1, "username": "daniel"}' | base64 +echo -n '{"permissao": 1, "username": "daniel"}' | shasum -a 256 ``` After that, the attacker needs to concatenate the cookie's fields and the hash, separated by a dot. As shown by the following image: