Try supplying a simple mathematical expression that is equivalent to the original numeric value. For example, if the original value was 2, try submitting 1+1 or 3-1. If the application responds in the same way, then it may be vulnerable.
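The following is an added example, not code from the book, showing why the equivalence probe works and how to close the hole. It assumes a constructed SQLite content table and a hypothetical PageID lookup: the vulnerable version pastes the raw parameter into the SQL text, so the database evaluates 1+1 as 2; the hardened version enforces a strict integer format and binds the value as a parameter, so the probe is rejected. The helper also applies the note's caveat that the comparison only means something when the parameter actually changes the response.

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory fixture standing in for the application's content table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany(
        "INSERT INTO pages VALUES (?, ?)",
        [(1, "first page"), (2, "second page"), (3, "third page")],
    )
    return conn


def get_page_vulnerable(conn, page_id):
    # Hypothetical vulnerable lookup: the unquoted numeric parameter is
    # concatenated into the query, so '1+1' and '3-1' both select id = 2.
    sql = "SELECT body FROM pages WHERE id = " + page_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def get_page_hardened(conn, page_id):
    # Hardened lookup: accept only an optional sign plus digits, then bind
    # the integer as a query parameter so no arithmetic reaches the database.
    if not re.fullmatch(r"-?\d+", page_id):
        raise ValueError("PageID must be an integer")
    row = conn.execute(
        "SELECT body FROM pages WHERE id = ?", (int(page_id),)
    ).fetchone()
    return row[0] if row else None


def probe_indicates_injection(fn, conn, original, equivalent, different):
    """Return True only if the parameter is live (a different value changes the
    response) AND an equivalent expression yields the same response as the
    original. A rejected probe or a dead parameter is not a positive result."""
    try:
        baseline = fn(conn, original)
        if fn(conn, different) == baseline:
            return False  # parameter has no effect; the test is inconclusive
        return fn(conn, equivalent) == baseline
    except ValueError:
        return False
```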
The preceding test is most reliable in cases where you have confirmed that the item being modified has a noticeable effect on the application's behavior. For example, if the application uses a numeric PageID parameter to specify which content should be returned, then substituting 1+1 for 2 with equivalent results is a good sign that SQL injection is present. If, however, you can place completely arbitrary input into a numeric parameter without changing the application's behavior, then the preceding