Identify any cross-site scripting vulnerabilities within the application and
determine whether these can be exploited to capture the session tokens
of other users (see Chapter 12).
■ If the application issues session tokens to unauthenticated users, obtain a
token and perform a login. If the application does not issue a fresh token
following a successful login, then it is vulnerable to session fixation.
■ Even if the application does not issue session tokens to unauthenticated
users, obtain a token by logging in, and then return to the login page. If
the application is willing to return this page even though you are already
authenticated, submit another login as a different user using the same
token. If the application does not issue a fresh token after the second
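The two session-fixation checks above, as an added worked example that is not from the book or any real product: a constructed Python stand-in for the target (a `/login` page that hands a `sid` cookie to anonymous visitors and is still served to authenticated sessions, with a `rotate_on_login` switch; the cookie name, endpoints and the `alice`/`bob` credentials with password `pw` are all assumptions made for this example) and a tester-side script that runs the two hack steps over plain HTTP against it and reports whether the token survives login. The checker functions are independent of the toy server and can be pointed at any application with the same cookie name and form fields; when a login response sets no new cookie, the checker treats the old token as retained, which is exactly the fixation condition.

```python
import secrets
import threading
from http.client import HTTPConnection
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# --- Constructed target application (stand-in, not a real product) --------
# Cookie name, endpoints and credentials are assumptions for this example.
COOKIE = "sid"
USERS = {"alice": "pw", "bob": "pw"}


class ToyApp(BaseHTTPRequestHandler):
    sessions = {}   # token -> username, or None while unauthenticated
    rotate = True   # False reproduces the session-fixation bug

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _presented_token(self):
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        return jar[COOKIE].value if COOKIE in jar else None

    def _issue(self, user=None):
        tok = secrets.token_hex(16)
        self.sessions[tok] = user
        return tok

    def do_GET(self):
        # Login page: issues a token to anonymous visitors and is also served
        # to an already-authenticated session (needed for the second step).
        tok = self._presented_token()
        if tok not in self.sessions:
            tok = self._issue()
        self.send_response(200)
        self.send_header("Set-Cookie", f"{COOKIE}={tok}; HttpOnly")
        self.end_headers()

    def do_POST(self):
        form = parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        user, pw = form.get("user", [""])[0], form.get("pw", [""])[0]
        if USERS.get(user) != pw:
            self.send_response(401)
            self.end_headers()
            return
        tok = self._presented_token()
        if self.rotate or tok not in self.sessions:
            self.sessions.pop(tok, None)  # safe: drop the pre-auth token, mint a new one
            tok = self._issue(user)
        else:
            self.sessions[tok] = user     # BUG: attacker-known token is now authenticated
        self.send_response(302)
        self.send_header("Set-Cookie", f"{COOKIE}={tok}; HttpOnly")
        self.send_header("Location", "/home")
        self.end_headers()


def start_app(rotate_on_login):
    """Start a fresh ToyApp (own session table) on a random loopback port."""
    handler = type("App", (ToyApp,), {"sessions": {}, "rotate": rotate_on_login})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


# --- Tester's side: the two hack steps from the text -----------------------
def _request(port, method, path, token=None, form=None):
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Cookie": f"{COOKIE}={token}"} if token else {}
    if form is not None:
        headers["Content-Type"] = "application/x-www-form-urlencoded"
    conn.request(method, path, body=form, headers=headers)
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp


def _set_cookie_token(resp):
    jar = SimpleCookie(resp.getheader("Set-Cookie") or "")
    return jar[COOKIE].value if COOKIE in jar else None


def preauth_token_survives_login(port):
    """Step 1: get a token unauthenticated, log in; True means vulnerable."""
    pre = _set_cookie_token(_request(port, "GET", "/login"))
    resp = _request(port, "POST", "/login", pre, "user=alice&pw=pw")
    post = _set_cookie_token(resp) or pre  # no new Set-Cookie => old token kept
    return pre == post


def relogin_keeps_token(port):
    """Step 2: log in, revisit the login page, log in again as another user with
    the same token. True = token unchanged (vulnerable), False = rotated,
    None = login page not served to an authenticated session (step not applicable)."""
    anon = _set_cookie_token(_request(port, "GET", "/login"))
    first = _set_cookie_token(_request(port, "POST", "/login", anon, "user=alice&pw=pw")) or anon
    if _request(port, "GET", "/login", first).status != 200:
        return None
    second = _set_cookie_token(_request(port, "POST", "/login", first, "user=bob&pw=pw")) or first
    return first == second


def audit(rotate_on_login):
    """Run both checks against a fresh toy app configured as requested."""
    srv = start_app(rotate_on_login)
    try:
        port = srv.server_address[1]
        return {"preauth_fixation": preauth_token_survives_login(port),
                "relogin_fixation": relogin_keeps_token(port)}
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for rotate in (False, True):
        print(f"rotate_on_login={rotate}: {audit(rotate)}")
```

Against a real target, replace `_request` with your proxy-aware HTTP client and keep the comparison logic: the finding is the pre-login token value appearing unchanged in the post-login `Set-Cookie` (or no `Set-Cookie` at all), which lets an attacker who planted that token ride the victim's authenticated session.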