When this is observed, you may reasonably infer that when the form is submitted,
the server-side application will decrypt or deobfuscate the opaque string
and perform some processing on its plaintext value. This further processing may
be vulnerable to any kind of bug; however, in order to probe for and exploit this,
you will first need to wrap up your payload in the appropriate way.
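The server-side view of this, as an added example that is not from the original text: a reversible obfuscation scheme gives up its keystream from a single known plaintext, while an HMAC-tagged value is rejected when altered, and the recovered plaintext is still validated before use. The scheme (repeating-key XOR with base64), the field holding a price, the keys, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

XOR_KEY = b"k3y"                    # constructed key for the weak scheme
MAC_KEY = b"constructed-demo-key"   # constructed; use a random server-side secret


def weak_encode(plaintext: str) -> str:
    """Repeating-key XOR plus base64: looks opaque, but is only obfuscation."""
    data = plaintext.encode()
    xored = bytes(b ^ XOR_KEY[i % len(XOR_KEY)] for i, b in enumerate(data))
    return base64.b64encode(xored).decode()


def recover_keystream(opaque: str, known_plaintext: str) -> bytes:
    """One known plaintext/opaque pair gives back the keystream by XOR."""
    raw = base64.b64decode(opaque)
    return bytes(a ^ b for a, b in zip(raw, known_plaintext.encode()))


def protect(plaintext: str) -> str:
    """Hardened form: the value carries an HMAC-SHA256 tag keyed by the server."""
    tag = hmac.new(MAC_KEY, plaintext.encode(), hashlib.sha256).hexdigest()
    return f"{plaintext}.{tag}"


def accept(token: str) -> int:
    """Verify the tag, then still validate the plaintext before using it."""
    value, _, tag = token.rpartition(".")
    expected = hmac.new(MAC_KEY, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("integrity check failed")
    if not (value.isascii() and value.isdigit() and 0 < int(value) <= 100_000):
        raise ValueError("price outside the accepted range")
    return int(value)


if __name__ == "__main__":
    opaque = weak_encode("449")                 # constructed sample field value
    print(recover_keystream(opaque, "449"))     # the weak scheme leaks its key
    print(accept(protect("449")))               # authenticated value is accepted
```

The range check in `accept` runs even after the tag verifies, because a valid tag only shows the value was issued by the server, not that later processing of it is safe.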
HACK STEPS
Faced with opaque data being transmitted via the client, there are several
possible avenues of attack:
■ If you know the value of the plaintext behind the opaque string, you can
attempt to decipher the obfuscation algorithm being employed.
■