With this test, you will try to discover any information about system behavior, setup, or data, anything that helps you get into the target system.
To do this, enter a non-existing username. For example, you have the following username and password combination:
- Username – smartbear.
- Password – ryAp1R0ck5.
- Use this login request:
    <login>
    <username>emery bear</username>
    <password>ryAp1R0ck5</password>
    </login>
- Here is the possible response:
    <loginresponse>
    <error>That user does not exist</error>
    </loginresponse>
An attacker will potentially use this response to work through a number of usernames until they find the working one.
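The following added example (not part of the original page or of any SmartBear product) puts a login handler that answers as shown above beside one that returns a single generic failure, with a check you can run against your own handler to see whether it reveals which usernames exist. The in-memory user store, the "Wrong password" and "Invalid username or password" messages, the `<ok/>` element and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed user store for the example: username -> (salt, password hash).
_SALT = b"example-salt"
USERS = {"smartbear": (_SALT, _hash("ryAp1R0ck5", _SALT))}
# Verified for unknown users so both failure paths do the same hashing work.
_DUMMY = (_SALT, _hash("not-a-real-password", _SALT))

def _parse(request_xml):
    root = ET.fromstring(request_xml)
    return root.findtext("username", "").strip(), root.findtext("password", "").strip()

def login_leaky(request_xml):
    """Answers like the response on this page: the error says whether the user exists."""
    user, pw = _parse(request_xml)
    if user not in USERS:
        return "<loginresponse><error>That user does not exist</error></loginresponse>"
    salt, stored = USERS[user]
    if not hmac.compare_digest(_hash(pw, salt), stored):
        return "<loginresponse><error>Wrong password</error></loginresponse>"
    return "<loginresponse><ok/></loginresponse>"

def login_uniform(request_xml):
    """Same credential check, but every failure returns one generic message."""
    user, pw = _parse(request_xml)
    salt, stored = USERS.get(user, _DUMMY)
    ok = hmac.compare_digest(_hash(pw, salt), stored) and user in USERS
    if ok:
        return "<loginresponse><ok/></loginresponse>"
    return "<loginresponse><error>Invalid username or password</error></loginresponse>"

def leaks_user_existence(handler):
    """True if an unknown user and a known user with a bad password get different responses."""
    req = "<login><username>{}</username><password>wrong-pass</password></login>"
    return handler(req.format("emery bear")) != handler(req.format("smartbear"))
```

The same comparison works as a regression test against a real endpoint: send one request with an unknown username and one with a known username and a wrong password, then assert that the two responses are identical.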