Identify any instances where application functionality is accessed not by requesting a specific page for that function (e.g., /admin/editUser.jsp) but by passing the name of a function in a parameter (e.g., /admin.jsp?action=editUser).
■ Modify the automated techniques described for discovering URL-specified content to work on the content-access mechanisms in use within the application. For example, if the application uses parameters which specify servlet and method names, first determine its behavior when an invalid servlet and/or method is requested, and when a valid method is requested with invalid other parameters. Try to identify attributes of the server’s responses that indicate “hits” — i.e., valid servlets and
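As an added example (not from the book), the same response-attribute reasoning turned around for the defender: a script that parses access-log lines and flags clients that cycle through many distinct action parameter values and mostly receive the application's known "unknown action" response. The log lines, client addresses, the admin.jsp path and the 200/1030-byte signature are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Common Log Format; hosts, paths and sizes are made up).
# 203.0.113.5 uses two real actions; 198.51.100.9 cycles through guessed action names.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin.jsp?action=editUser&id=7 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /admin.jsp?action=listUsers HTTP/1.1" 200 7310
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /admin.jsp?action=addUser HTTP/1.1" 200 1030
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /admin.jsp?action=delUser HTTP/1.1" 200 1030
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /admin.jsp?action=backup HTTP/1.1" 200 1030
198.51.100.9 - - [10/Oct/2023:13:56:03 +0000] "GET /admin.jsp?action=editUser HTTP/1.1" 500 612
198.51.100.9 - - [10/Oct/2023:13:56:03 +0000] "GET /admin.jsp?action=listUsers HTTP/1.1" 200 7310
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

# What this application returns for an action name it does not know, measured beforehand
# by the defender (constructed: status 200 with a fixed 1030-byte generic error page).
UNKNOWN_ACTION = (200, 1030)


def parse_line(line):
    """Return (client, action, status, size), or None for lines without an action parameter."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, status, size = m.groups()
    qs = parse_qs(urlsplit(target).query)
    if "action" not in qs:
        return None
    return client, qs["action"][0], int(status), (0 if size == "-" else int(size))


def find_action_enumeration(log_text, min_distinct=4, min_unknown_ratio=0.5):
    """Flag clients that request many distinct action names and mostly get the unknown-action page."""
    per_client = defaultdict(dict)  # client -> {action: True if every request got the unknown page}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, action, status, size = rec
        is_unknown = (status, size) == UNKNOWN_ACTION
        per_client[client][action] = per_client[client].get(action, True) and is_unknown
    flagged = {}
    for client, actions in per_client.items():
        unknown = sum(actions.values())  # count of actions that only ever hit the unknown page
        if len(actions) >= min_distinct and unknown / len(actions) >= min_unknown_ratio:
            flagged[client] = {"distinct_actions": len(actions), "unknown_actions": unknown}
    return flagged
```

A real deployment would key on whatever the application's own invalid-action signature is (status, size, or a fixed error string), and a valid action answered with a different error (the 500 above) counts as a hit, not a miss.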