Talk:Testing for Default or Guessable User Account (OWASP-AT-003)


Black box section

What about adding a suggestion to the black box examples about checking page source code and JavaScript? I've often seen login forms that test the username and redirect the user based on that test, i.e.: if admin then starturl=/admin else /index.asp etc. I'll try to dig up a specific example and add it here. Rick.mitchell 08:43, 25 June 2008 (EDT)
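
An added example, not part of the comment above and not code from the OWASP guide: a review check that reads a login page's inline scripts and reports any account name a username field is compared against. The sample page is constructed to mirror the pattern described in the comment; the function names and the field-name heuristic (user, login, uid) are assumptions.

```javascript
// Constructed sample page: the login form routes on a hard-coded username.
const SAMPLE_PAGE = `
<html><body>
<form name="login" onsubmit="return route(this)">
  <input name="username"><input name="password" type="password">
</form>
<script>
function route(f) {
  var starturl;
  if (f.username.value == "admin") { starturl = "/admin"; }
  else { starturl = "/index.asp"; }
  f.action = starturl;
  return true;
}
</script>
</body></html>`;

// Pull the bodies of inline <script> elements out of the page source.
function inlineScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  for (const m of html.matchAll(re)) bodies.push(m[1]);
  return bodies;
}

// Report each string literal that a user/login/uid expression is compared to
// with ==, ===, != or !==. Plain assignments (single "=") are not reported.
function findHardcodedUsernames(html) {
  const cmp =
    /([\w.$\[\]]*(?:user|login|uid)[\w.$\[\]]*)\s*[!=]==?\s*(["'])([^"'\n]{1,64})\2/gi;
  const hits = [];
  for (const src of inlineScripts(html)) {
    for (const m of src.matchAll(cmp)) {
      hits.push({ expression: m[1], literal: m[3] });
    }
  }
  return hits;
}

// Stand-alone run: list what a reviewer should look at on the sample page.
for (const h of findHardcodedUsernames(SAMPLE_PAGE)) {
  console.log(`account name "${h.literal}" is tested in ${h.expression}`);
}
```

Any hit means the page discloses a valid account name to unauthenticated visitors; the routing decision belongs on the server, after authentication.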