forming a more focused brute-force exercise on the basis of this. For example, if AddDocument.jsp and ViewDocument.jsp are known to exist, you may create a list of actions (edit, delete, create, etc.) and make requests of the form XxxDocument.jsp. Alternatively, create a list of types of item (user, account, file, etc.) and make requests of the form AddXxx.jsp.
■ Perform each exercise recursively, using new enumerated content and patterns as the basis for further user-directed spidering, and further automated content discovery. You are limited only by your imagination, time available, and the importance you attach to discovering hidden content within the application you are targeting.
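
The naming-scheme inference described above can also be run offline against an application's own deployment inventory, to list pages that fit the scheme but that no page links to. This is an added example, not code from the original text; the file lists, the action and item word lists, and all function names are constructed assumptions.

```python
import re

# Constructed sample data (assumptions for illustration, not from the original text).
LINKED = ["AddDocument.jsp", "ViewDocument.jsp"]        # pages found by spidering
DEPLOYED = ["AddDocument.jsp", "ViewDocument.jsp", "DeleteDocument.jsp",
            "AddUser.jsp", "index.jsp"]                  # files present in the web root
ACTIONS = ["Add", "View", "Edit", "Delete", "Create"]    # hypothetical action list
ITEMS = ["Document", "User", "Account", "File"]          # hypothetical item list

# Matches names of the form <Action><Item>.<ext>, e.g. AddDocument.jsp
NAME = re.compile(r"^([A-Z][a-z]+)([A-Z][A-Za-z]*)\.(\w+)$")


def split_name(page):
    """Split 'AddDocument.jsp' into ('Add', 'Document', 'jsp'); None if no match."""
    m = NAME.match(page)
    return m.groups() if m else None


def candidates(known, actions, items):
    """Names implied by the scheme: the XxxDocument.jsp and AddXxx.jsp forms."""
    out = set()
    for parts in map(split_name, known):
        if parts is None:
            continue  # name does not follow the <Action><Item> scheme
        action, item, ext = parts
        out.update(f"{a}{item}.{ext}" for a in actions)  # vary the action
        out.update(f"{action}{i}.{ext}" for i in items)  # vary the item type
    return out - set(known)


def unlinked_deployed(linked, deployed, actions, items):
    """Deployed pages that fit the naming scheme but are not linked from anywhere."""
    return sorted(candidates(linked, actions, items) & set(deployed))


if __name__ == "__main__":
    for page in unlinked_deployed(LINKED, DEPLOYED, ACTIONS, ITEMS):
        print("deployed but unlinked:", page)
```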