When the attack has been executed, clicking on column headers such as “status” and “length” will sort the results accordingly, enabling anomalies to be quickly picked out, as shown in Figure 4-4.
Figure 4-4: The results of a test probing for common directories
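The same status-and-length triage can be done offline on exported results. The following is an added example, not from the original text: it fingerprints how the server answers known-invalid names and lists only the results that differ from that fingerprint. The `Result` records, paths and lengths are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter
from typing import NamedTuple

class Result(NamedTuple):
    path: str
    status: int
    length: int

def fingerprint(invalid):
    """Describe the server's 'not found' response from known-invalid probes."""
    status = Counter(r.status for r in invalid).most_common(1)[0][0]
    same = [r for r in invalid if r.status == status]
    raw = {r.length for r in same}
    adj = {r.length - len(r.path) for r in same}
    if len(raw) == 1:                  # identical error page every time
        return status, "fixed", raw.pop()
    if len(adj) == 1:                  # error page echoes the requested path
        return status, "echo", adj.pop()
    return status, "range", (min(raw), max(raw))  # fall back to a length band

def looks_missing(r, fp):
    """True if a result matches the 'not found' fingerprint."""
    status, mode, val = fp
    if r.status != status:
        return False
    if mode == "fixed":
        return r.length == val
    if mode == "echo":
        return r.length - len(r.path) == val
    return val[0] <= r.length <= val[1]

def anomalies(results, fp):
    """Results that differ from the fingerprint, sorted by status then length."""
    hits = [r for r in results if not looks_missing(r, fp)]
    return sorted(hits, key=lambda r: (r.status, r.length))

# Constructed sample data: a server that answers missing resources with
# HTTP 200 and a custom error page that echoes the requested path.
INVALID = [Result("/zz9qx", 200, 1506), Result("/nonexistent-abc", 200, 1516)]
RESULTS = [
    Result("/images", 200, 1507), Result("/admin", 302, 0),
    Result("/backup", 200, 4312), Result("/test", 200, 1505),
    Result("/cgi-bin", 403, 298), Result("/logs", 200, 1505),
]

if __name__ == "__main__":
    for r in anomalies(RESULTS, fingerprint(INVALID)):
        print(r.status, r.length, r.path)
```

Sorting by status alone would hide `/backup` among the 200 responses here; it only stands out once the length of the custom error page is taken into account.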
HACK STEPS
■ Make some manual requests for known valid and invalid resources, and identify how the server handles the latter.
■ Use the site map generated through user-directed spidering as a basis for automated discovery of hidden content.
■ Make automated requests for common filenames and directories within