The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws



Download 5,76 Mb.
Pdf ko'rish
bet855/875
Sana01.01.2022
Hajmi5,76 Mb.
#293004
1   ...   851   852   853   854   855   856   857   858   ...   875
Bog'liq
3794 1008 4334

HACK STEPS (continued)



Use Google code search to locate any publicly available code that may be



responsible for a particular error message. Search for snippets of error

messages that may be hard-coded into the application’s source code. You

can also use various advanced search features to specify the code lan-

guage and other details, if this is known. For example:

unable\ to\ retrieve lang:php package:mail



If you have obtained stack traces containing the names of library and

third-party code components, search for these names on both types of

search engines.

Engineering Informative Error Messages

In some situations, it may be possible to systematically engineer error condi-

tions in such a way as to retrieve sensitive information within the error mes-

sage itself.

One common situation in which this possibility arises is where you can cause

the application to attempt some invalid action on a specific item of data. If the

resulting error message discloses the value of that data, and you can cause

interesting items of information to be processed in this way, then you may be

able to exploit this behavior to extract arbitrary data from the application.

In Chapter 9, you saw how verbose ODBC error messages can be leveraged

in a SQL injection attack to retrieve the results of arbitrary database queries.

For example:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

the nvarchar value ‘pbyrne:losteip’ to a column of data type int.

A different way in which this kind of technique can be used is where an

application error generates a stack trace containing a description of the error,

and you can engineer a situation where interesting information is incorpo-

rated into the error description.

Some databases provide a facility to create user-defined functions written in

Java. By exploiting a SQL injection flaw, you may be able to create your own

function to perform arbitrary tasks. If the application returns error messages to

the browser, then from within your function you can throw a Java exception

containing arbitrary data which you need to retrieve. For example, the follow-

ing code will execute the operating system command 

ls

and then generate an




Download 5,76 Mb.

Do'stlaringiz bilan baham:
1   ...   851   852   853   854   855   856   857   858   ...   875



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish