Test cases

    • Target 1: bring down Okapi

      • Scenario 1a: just throwing a lot of requests to Okapi from the public net
        • on the https/http ports which are proxied
      • Scenario 1b: throwing a lot of requests to Okapi directly to port 9130
      • Scenario 2a: buffer overflow of Okapi with huge header information (proxied)
      • Scenario 2b: buffer overflow of Okapi with huge header information (direct connection)
      • others to be found
    • Target 2: bring down modules

      • possible target without okapi session: mod-login
        • Scenario 1: throwing a lot of requests to the module
        • Scenario 2: buffer overflow of the module with huge payloads
      • all other modules that need a valid token with the matching permissions
        • Scenario 1: throwing a lot of requests to the module
        • Scenario 2: buffer overflow of the module with huge payloads
      • others to be found
    • Target 3: URL scripting (abuse via GET parameters)

      • Make requests as a logged-in user, then resend the request without the token
