The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

Pdf ko'rish

bet	127/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 123 124 125 126 127 128 129 130 ... 875

Bog'liq
3794 1008 4334

70

Chapter 4

■

Mapping the Application

70779c04.qxd:WileyRed 9/14/07 3:12 PM Page 70

HACK STEPS

■

Review the results of your user-directed browsing and basic brute-force

exercises. Compile lists of the names of all enumerated subdirectories,

file stems, and file extensions.

■

Review these lists to identify any naming schemes in use. For example,

if there are pages called

AddDocument.jsp

and

ViewDocument.jsp

,

then there may also be pages called

EditDocument.jsp

and

RemoveDocument.jsp

. You can often get a feel for the naming habits of

developers just by reading a few examples. For example, depending on

their personal style, developers may be verbose (

AddANewUser.asp

),

succinct (

AddUser.asp

), use abbreviations (

AddUsr.asp

), or even be

more cryptic (

AddU.asp

). Getting a feel for the naming styles in use may

help you guess the precise names of content that you have not already

identified.

■

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 123 124 125 126 127 128 129 130 ... 875