As described in Chapter 4, the application may contain functions
elsewhere that you can leverage to return the opaque string resulting from a
piece of plaintext you control. In this situation, you may be able to
directly obtain the required string to deliver an arbitrary payload to the
function you are targeting.
■ Even if the opaque string is completely impenetrable, it may be possible
to replay its value in other contexts to achieve some malicious effect. For
example, the enc parameter in the previously shown form may contain
an encrypted version of the product’s price. Although it is not possible to
produce the encrypted equivalent for an arbitrary price of your choosing,
you may be able to copy the encrypted price from a different, cheaper
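The replay described above succeeds when the opaque value is accepted wherever it is submitted. As an added example (not from the original text), the Python code below contrasts a value that protects only the price with one bound to the product and session. It uses an HMAC tag in place of the page's encrypted string, and the key, function names, SKU and session values are assumptions constructed for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def _tag(*parts: str) -> str:
    # Length-prefix each field so "ab"+"c" and "a"+"bc" cannot produce the same MAC input.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def _split(token: str):
    body, _, tag = token.partition(".")
    return body, tag.encode()


def issue_unbound(price_cents: int) -> str:
    """Weak: the value is tamper-proof, but nothing ties it to a product."""
    body = str(price_cents)
    return f"{body}.{_tag(body)}"


def verify_unbound(token: str):
    """Returns the price for any product the token is submitted with."""
    body, tag = _split(token)
    return int(body) if hmac.compare_digest(tag, _tag(body).encode()) else None


def issue_bound(product_id: str, session_id: str, price_cents: int) -> str:
    """Hardened: the MAC also covers the product and the session."""
    body = str(price_cents)
    return f"{body}.{_tag(product_id, session_id, body)}"


def verify_bound(token: str, product_id: str, session_id: str):
    """Returns the price only in the context the token was issued for."""
    body, tag = _split(token)
    expected = _tag(product_id, session_id, body).encode()
    return int(body) if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    # Constructed sample: a value issued for a cheap item, submitted with another item.
    weak = issue_unbound(199)
    print("unbound, other product:", verify_unbound(weak))
    strong = issue_bound("sku-cheap", "sess-A", 199)
    print("bound, same product:  ", verify_bound(strong, "sku-cheap", "sess-A"))
    print("bound, other product: ", verify_bound(strong, "sku-pricey", "sess-A"))
```

Looking the price up on the server from the product identifier, rather than accepting it back from the client, removes the need for the value altogether.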