Figure 13-6: Configuring Extract Grep
Figure 13-7: Data harvested from log file entries
Even the first few results from the attack appear to contain plenty of useful
data, including usernames, passwords, and payment information. Continuing
to mine data from the logs could soon enable you to compromise an adminis-
trative account and own the entire application.
Attack 3: Application Fuzzing
In addition to exploiting the log functionality to extract useful information,
you should also, of course, probe it for common vulnerabilities. Functionality
that can be reached only by privileged users is often subject to less stringent
Do'stlaringiz bilan baham: