The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

Pdf ko'rish

bet	533/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 529 530 531 532 533 534 535 536 ... 875

Bog'liq
3794 1008 4334

Once you have found a means of injecting commands and retrieving the

Continued

Chapter 9

■

Injecting Code

305

70779c09.qxd:WileyRed 9/14/07 3:13 PM Page 305

306

Chapter 9

■

Injecting Code

HACK STEPS (continued)

■

Once you have found a means of injecting commands and retrieving the

results, you should determine your privilege level (by using

whoami

or

something similar, or attempting to write a harmless file to a protected

directory). You may then seek to escalate privileges, gain backdoor

access to sensitive application data, or attack other hosts reachable from

the compromised server.

In some cases, it may not be possible to inject an entirely separate command,

due to filtering of required characters, or the behavior of the command API

being used by the application. Nevertheless, it may still be possible to interfere

with the behavior of the command being performed, to achieve some desired

result.

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 529 530 531 532 533 534 535 536 ... 875