NOTE
Do not assume that the application will respond with “200 OK” if a
requested resource exists, and “404 Not Found” if it does not. Many
applications handle requests for nonexistent resources in a customized way,
often returning a bespoke error message and a 200 response code. Further,
some requests for existent resources may receive a non-200 response. The
following is a rough guide to the likely meaning of the response codes that you
may encounter during a brute-forcing exercise looking for hidden content:
■ 302 Found — If the redirect is to a login page, the resource may be accessible only by authenticated users. If it is to an error message, this may disclose a different reason. If it is to another location, the redirect
Chapter 4
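To show why the note warns against trusting "200 OK" and "404 Not Found" at face value, here is an added example (not code from the book) that fingerprints a server's bespoke "not found" page from a baseline response for a random, certainly nonexistent resource and then labels other responses against it, including a 302 to a login page. The `Response` class, the HTML template, the paths and the `app.example` host are all constructed for the example; no requests are sent.

```python
from dataclasses import dataclass, field
from difflib import SequenceMatcher
from urllib.parse import urlparse


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed, no network)."""
    status: int
    body: str = ""
    headers: dict = field(default_factory=dict)


def classify_response(resp, baseline_404, login_path="/login", threshold=0.9):
    """Label a response for a guessed path.

    baseline_404 is what the server returned for a random, nonexistent
    resource; its body fingerprints a custom 'not found' page even when
    the server wraps that page in a 200 status.
    """
    if resp.status == 302:
        target = urlparse(resp.headers.get("Location", "")).path
        # Redirect to the login page: the resource likely exists but is
        # restricted to authenticated users; other redirects need a closer look.
        return "exists-auth-required" if target == login_path else "redirect"
    if resp.status == 404:
        return "not-found"
    if resp.status == 200:
        similarity = SequenceMatcher(None, resp.body, baseline_404.body).ratio()
        # Nearly identical to the known 'not found' body: a custom 404 in disguise.
        if baseline_404.status == 200 and similarity >= threshold:
            return "custom-not-found"
        return "exists"
    return f"other-{resp.status}"


# Constructed samples: an invented custom-404 template that the server serves with 200.
NOT_FOUND_TEMPLATE = ("<html><body><h1>Oops!</h1><p>Sorry, the page {path} could not be found."
                      "</p><p>Use the search box or go back home.</p></body></html>")
BASELINE = Response(200, NOT_FOUND_TEMPLATE.format(path="/zzzz"))
SAMPLES = {
    "/admin": Response(200, NOT_FOUND_TEMPLATE.format(path="/admin")),
    "/console": Response(200, "<html><body><h1>Admin console</h1><form method=post>"
                              "<input name=user></form></body></html>"),
    "/reports": Response(302, headers={"Location": "https://app.example/login?next=/reports"}),
    "/old": Response(302, headers={"Location": "https://app.example/error?code=410"}),
}


def classify_all():
    return {path: classify_response(resp, BASELINE) for path, resp in SAMPLES.items()}
```

The baseline body must be captured per application (and per directory, where error handling differs), since the whole point is that the "not found" page is bespoke.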