If the application’s behavior is different in the two cases, then it may be blocking, stripping, or sanitizing traversal sequences, resulting in an invalid file path. You should examine whether there are any ways of circumventing the application’s validation filters (described in the next section, “Circumventing Obstacles to Traversal Attacks”).
■ The reason why this test is effective, even if the subdirectory “bar” does not exist, is that most common file systems perform canonicalization of the file path before attempting to retrieve it. The traversal sequence cancels out the invented directory, and so the server does not check whether it is present.
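The canonicalization behavior described above is also what a defender must account for when validating file names. The following is an added example (not from the book) of a server-side check that canonicalizes the user-supplied path the same way the file system would and then verifies the result still lies inside the intended directory. The document root `/var/www/app/files` and the sample inputs are constructed for illustration; `posixpath` is used so the result is the same on any platform.

```python
import posixpath

# Hypothetical document root from which the application serves files (assumption).
BASE_DIR = "/var/www/app/files"


def resolve(user_path: str) -> str:
    """Canonicalize a user-supplied path relative to BASE_DIR.

    This mirrors what the file system does before opening the file: "foo/bar/../x"
    collapses to "foo/x" whether or not "bar" exists, which is why the
    non-escaping traversal test in the text works.
    """
    # posixpath.join discards BASE_DIR if user_path is absolute; that case is
    # caught below because the resolved path then falls outside BASE_DIR.
    return posixpath.normpath(posixpath.join(BASE_DIR, user_path))


def is_within_base(user_path: str) -> bool:
    """True only if the canonicalized path stays inside BASE_DIR."""
    resolved = resolve(user_path)
    # Compare on a directory boundary: "/var/www/app/files2" must not pass.
    return resolved == BASE_DIR or resolved.startswith(BASE_DIR + "/")


def safe_file_path(user_path: str) -> str:
    """Return the canonical path to open, or raise if it escapes BASE_DIR.

    Validating the *canonical* path (rather than searching the raw input for
    "../") is what makes the check robust to the canonicalization described
    in the text. In a real deployment, apply os.path.realpath to the
    resolved path as well so that symbolic links cannot point outside BASE_DIR.
    """
    if not is_within_base(user_path):
        raise ValueError(f"path escapes document root: {user_path!r}")
    return resolve(user_path)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["foo/file.txt", "foo/bar/../file.txt", "../../outside.txt", "/abs/other.txt"]:
        try:
            print(f"{candidate!r:28} -> {safe_file_path(candidate)}")
        except ValueError as err:
            print(f"{candidate!r:28} -> rejected ({err})")
```

Note that the two accepted inputs resolve to the same file, which is exactly the equivalence the traversal probe in the text relies on; the check rejects input only once the canonical path leaves the document root.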
If you find any instances where submitting traversal sequences without stepping above the starting directory does not affect the application’s behavior, the next test is to attempt to traverse out of the starting directory and access files from elsewhere on the server file system.
HACK STEPS
■