The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws




506

Chapter 14 



Exploiting Information Disclosure

70779c14.qxd:WileyRed  9/14/07  3:14 PM  Page 506



malformed requests are triggering the same error or different errors. You may also be able to determine the sequence in which different parameters are processed, by submitting bad input within multiple parameters and identifying the location at which an error occurs. By systematically manipulating different parameters, you may be able to map out the different code paths being executed on the server.



TIP  Even if an error message does not disclose any interesting information, it may represent an exploitable vulnerability. For example, it is common to find XSS bugs in error messages which contain the anomalous user-supplied input that generated the error (see Chapter 12).

Stack Traces

Most web applications are written in languages that are more complex than simple scripts but which still run in a managed execution environment — for example, Java, C#, and Visual Basic .NET. When an unhandled error occurs in these languages, it is common to see full stack traces being returned to the browser.


A stack trace is a structured error message that begins with a description of the actual error. This is followed by a series of lines describing the state of the execution call stack when the error occurred. The top line of the call stack shows the function that generated the error, the next line shows the function that invoked the previous function, and so on down the call stack until the hierarchy of function calls is exhausted.

The following is an example of a stack trace generated by an ASP.NET application:

[HttpException (0x80004005): Cannot use a leading .. to exit above the top directory.]
   System.Web.Util.UrlPath.Reduce(String path) +701
   System.Web.Util.UrlPath.Combine(String basepath, String relative) +304
   System.Web.UI.Control.ResolveUrl(String relativeUrl) +143
   PBSApp.StatFunc.Web.MemberAwarePage.Redirect(String url) +130
   PBSApp.StatFunc.Web.MemberAwarePage.Process() +201
   PBSApp.StatFunc.Web.MemberAwarePage.OnLoad(EventArgs e)
   System.Web.UI.Control.LoadRecursive() +35
   System.Web.UI.Page.ProcessRequestMain() +750
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
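The structure just described (exception line, then call-stack frames from the faulting function downwards, then a version banner) is regular enough to be checked for mechanically. The script below is an added example, not code from the book: it scans an HTTP response body for a leaked ASP.NET trace and extracts what the trace discloses, so that a test suite or log-review job can flag the disclosure. The sample body is constructed from the trace shown above; the regular expressions and the framework-namespace prefixes (System., Microsoft.) are this example's assumptions about the ASP.NET error format, not something the book specifies.

```python
"""Added example (not from the book): detect an ASP.NET stack trace leaked in
an HTTP response body and pull out the information it discloses."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample response body: the ASP.NET trace from the chapter, wrapped
# in the kind of HTML error page ASP.NET returns for an unhandled exception.
SAMPLE_BODY = """<html><body><h1>Server Error in '/' Application.</h1>
[HttpException (0x80004005): Cannot use a leading .. to exit above the top directory.]
   System.Web.Util.UrlPath.Reduce(String path) +701
   System.Web.Util.UrlPath.Combine(String basepath, String relative) +304
   System.Web.UI.Control.ResolveUrl(String relativeUrl) +143
   PBSApp.StatFunc.Web.MemberAwarePage.Redirect(String url) +130
   PBSApp.StatFunc.Web.MemberAwarePage.Process() +201
   PBSApp.StatFunc.Web.MemberAwarePage.OnLoad(EventArgs e)
   System.Web.UI.Control.LoadRecursive() +35
   System.Web.UI.Page.ProcessRequestMain() +750
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
</body></html>"""

# First line of the trace: "[ExceptionType (0xHRESULT): message]"
EXCEPTION_RE = re.compile(
    r"^\[(?P<type>[A-Za-z_][\w.]*) \((?P<hresult>0x[0-9A-Fa-f]+)\): (?P<message>.*)\]$",
    re.MULTILINE,
)
# One call-stack frame: "Namespace.Type.Method(args) +offset" (offset optional)
FRAME_RE = re.compile(
    r"^[ \t]*(?P<method>[A-Za-z_][\w.]*\([^)]*\))(?:[ \t]+\+(?P<offset>\d+))?[ \t]*$",
    re.MULTILINE,
)
# Version banner that ASP.NET appends to the trace
VERSION_RE = re.compile(
    r"\.NET Framework Version:(?P<dotnet>[\d.]+);\s*ASP\.NET Version:(?P<aspnet>[\d.]+)"
)
# Assumed framework namespaces; anything else is treated as application code
FRAMEWORK_PREFIXES = ("System.", "Microsoft.")


@dataclass
class StackTraceFinding:
    exception_type: str
    hresult: str
    message: str
    frames: List[str] = field(default_factory=list)   # top of stack first
    app_types: Set[str] = field(default_factory=set)  # non-framework types named in the stack
    dotnet_version: Optional[str] = None
    aspnet_version: Optional[str] = None

    def first_app_frame(self) -> Optional[str]:
        """The application's own function nearest the fault: walking down from
        the top of the stack, the first frame that is not framework code."""
        for frame in self.frames:
            if not frame.startswith(FRAMEWORK_PREFIXES):
                return frame
        return None


def type_name_of(method: str) -> str:
    """'A.B.C.Method(args)' -> 'A.B.C'"""
    return method[: method.index("(")].rsplit(".", 1)[0]


def scan_response(body: str) -> Optional[StackTraceFinding]:
    """Return a finding if the body carries an ASP.NET stack trace, else None."""
    m = EXCEPTION_RE.search(body)
    if m is None:
        return None
    finding = StackTraceFinding(m.group("type"), m.group("hresult"), m.group("message"))
    # Only frames that follow the exception line belong to this trace
    for fm in FRAME_RE.finditer(body, m.end()):
        method = fm.group("method")
        finding.frames.append(method)
        tname = type_name_of(method)
        if not tname.startswith(FRAMEWORK_PREFIXES):
            finding.app_types.add(tname)
    vm = VERSION_RE.search(body)
    if vm is not None:
        finding.dotnet_version = vm.group("dotnet")
        finding.aspnet_version = vm.group("aspnet")
    return finding


if __name__ == "__main__":
    f = scan_response(SAMPLE_BODY)
    if f is None:
        print("no stack trace disclosed")
    else:
        print(f"DISCLOSURE: {f.exception_type} ({f.hresult}): {f.message}")
        print(f"  faulting frame : {f.frames[0]}")
        print(f"  app entry frame: {f.first_app_frame()}")
        print(f"  app types named: {sorted(f.app_types)}")
        print(f"  .NET {f.dotnet_version}, ASP.NET {f.aspnet_version}")
```

Run against the sample, the scan reports the faulting framework function (UrlPath.Reduce), the first application function that led to it (MemberAwarePage.Redirect), the internal namespace PBSApp.StatFunc.Web, and the exact framework version; that is the same list of facts an attacker would take from the page, which is why a check like this belongs in the automated tests of an application's error paths. On the ASP.NET side, the detailed page is suppressed for remote clients when customErrors is turned on in web.config.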







This kind of error message provides a large amount of useful information that may assist you in fine-tuning your attack against the application:

■ It often describes the precise reason why an error occurred. This may enable you to adjust your input to circumvent the error condition and advance your attack.

■ The call stack typically makes reference to a number of library and third-


