Whatever validation and processing a thick-client component performs,
if it submits data to the server in a transparent manner, then this data can be
modified using an intercepting proxy in just the same way as described for HTML
form data. For example, a thick-client component supporting an authentication
mechanism might capture user credentials, perform some validation on these,
and submit the values to the server as plaintext parameters within the request.
The validation can be trivially circumvented without performing any analysis or
attack on the component itself.
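The following is an added illustration of that point (example code, not from the book): a thick-client login component validates the credential fields before submitting them as plaintext parameters, but a request rewritten at an intercepting proxy never passes through that validation. The two server handlers contrast the flawed pattern (trusting that the client already validated) with the correct one (re-validating every parameter on receipt). The validation rule, parameter names and sample values are all assumptions made for the example.

```python
import re

# Hypothetical validation rule applied by both the thick client and the server
# (assumed for this example; the book specifies no particular rule).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,16}$")
MIN_PASSWORD_LEN = 8


def client_side_validate(username: str, password: str) -> bool:
    """Checks the thick-client component runs before it submits the form."""
    return bool(USERNAME_RE.match(username)) and len(password) >= MIN_PASSWORD_LEN


def build_login_request(username: str, password: str) -> dict:
    """The plaintext parameters the component places in the request body.
    Anything in this dict can be altered in transit by an intercepting proxy."""
    return {"username": username, "password": password}


def handle_login_trusting_client(request: dict) -> dict:
    """Flawed server handler: assumes the client has already validated the data,
    so it accepts whatever parameters arrive."""
    return {"status": 200, "accepted": True, "username": request.get("username")}


def handle_login(request: dict) -> dict:
    """Correct server handler: re-applies the validation independently of the
    client, so tampering with the submitted parameters gains nothing."""
    username = request.get("username", "")
    password = request.get("password", "")
    if not isinstance(username, str) or not isinstance(password, str):
        return {"status": 400, "accepted": False, "error": "malformed parameters"}
    if not USERNAME_RE.match(username):
        return {"status": 400, "accepted": False, "error": "invalid username"}
    if len(password) < MIN_PASSWORD_LEN:
        return {"status": 400, "accepted": False, "error": "password too short"}
    return {"status": 200, "accepted": True, "username": username}


def demo() -> tuple:
    """Submit a request that the client-side check would have rejected, as if it
    had been modified at the proxy after the component's validation ran.
    Returns (trusting_response, validating_response)."""
    # Constructed values: the client component would refuse to submit these.
    tampered = {"username": "a;b", "password": "x"}
    assert not client_side_validate(tampered["username"], tampered["password"])
    return handle_login_trusting_client(tampered), handle_login(tampered)


if __name__ == "__main__":
    trusting, validating = demo()
    print("server trusting client-side checks:", trusting)
    print("server re-validating on its own:   ", validating)
```

Only the second handler is safe: the client-side check is a usability feature that can be bypassed without touching the component at all, so the server must treat every received parameter as untrusted input regardless of what the client was supposed to have done with it.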
Chapter 5 ■ Bypassing Client-Side Controls 111
Thick-client components present a more interesting and challenging target