The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Using whichever of the injection strings was found to be successful, try

Download 5,76 Mb.

Pdf ko'rish

bet	532/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 528 529 530 531 532 533 534 535 ... 875

Bog'liq
3794 1008 4334

If you are unable to retrieve results directly, there are other options open

Using whichever of the injection strings was found to be successful, try

injecting a more interesting command (such as

ls

or

dir

), and deter-

mine whether you are able to retrieve the results of the command back

to your browser.

■

If you are unable to retrieve results directly, there are other options open

to you:

■

You can attempt to open an out-of-band channel back to your com-

puter. Try using TFTP to copy tools up to the server, using telnet or net-

cat to create a reverse shell back to your computer, and using the

mail

command to send command output via SMTP.

■

You can redirect the results of your commands to a file within the web

root, which you can then retrieve directly using your browser. For

example:

dir > c:\inetpub\wwwroot\foo.txt

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 528 529 530 531 532 533 534 535 ... 875