The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws
party components may look and feel quite different in each implementation, due to branding customizations, but the core functionality, including script and parameter names, is often the same. If possible, download and install the component and analyze it to fully understand its capabilities and, if possible, discover any vulnerabilities. Consult repositories of known vulnerabilities to identify any known defects with the component in question.

Identifying Server-Side Functionality

It is often possible to infer a great deal about server-side functionality and structure, or at least make an educated guess, by observing clues that the application discloses to the client.



Dissecting Requests

Consider the following URL, which is used to access a search function:

https://wahh-app.com/calendar.jsp?name=new%20applicants&isExpired=0&startDate=22%2F09%2F2006&endDate=22%2F03%2F2007&OrderBy=name

As we have seen, the .jsp file extension indicates that Java Server Pages are in use. You may guess that a search function will retrieve its information from either an indexing system or a database; the presence of the OrderBy parameter suggests that a back-end database is being used, and that the value you submit may be used as the ORDER BY clause of a SQL query. This parameter may well be vulnerable to SQL injection, as may any of the other parameters if they are used in database queries (see Chapter 9).
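The following script is an added example, not code from the book or from the application it describes. It does two things with the URL quoted above: it reads off the same clues mechanically (file extension, an OrderBy-style parameter name, boolean flags, date values), and it shows why an ORDER BY clause deserves particular suspicion. Column names cannot be passed as bind parameters, so a server that sorts by a user-supplied value must either concatenate it into the query (the vulnerable pattern) or check it against an allow-list (the hardened pattern). The heuristics, the sqlite table, its rows and the function names are assumptions made for illustration; the conditional ORDER BY expression used to confirm that input reaches the clause is the generic boolean-inference technique, not a step taken from the book.

```python
"""Dissect a request URL, then demonstrate the ORDER BY risk it hints at.

Added example; the heuristics, schema and sample rows are assumptions.
"""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# The URL quoted in the text.
URL = ("https://wahh-app.com/calendar.jsp?name=new%20applicants&isExpired="
       "0&startDate=22%2F09%2F2006&endDate=22%2F03%2F2007&OrderBy=name")

# Assumed mapping of file extensions to the technology they usually reveal.
EXTENSION_HINTS = {".jsp": "Java Server Pages", ".asp": "Classic ASP",
                   ".aspx": "ASP.NET", ".php": "PHP"}


def dissect(url):
    """Return (technology hint, {parameter: [observations]}) for a URL."""
    parts = urlsplit(url)
    ext = re.search(r"(\.[a-z]+)$", parts.path)
    tech = EXTENSION_HINTS.get(ext.group(1) if ext else "", "unknown")
    findings = {}
    for name, values in parse_qs(parts.query).items():
        value = values[0]          # parse_qs has already URL-decoded it
        notes = []
        if re.match(r"(?i)(order|sort)(by)?$", name):
            notes.append("likely used in SQL ORDER BY; probe for injection")
        if re.fullmatch(r"[01]", value):
            notes.append("boolean flag; try flipping it")
        if re.fullmatch(r"\d{2}/\d{2}/\d{4}", value):
            notes.append("date; probe format handling and range checks")
        if not notes:
            notes.append("free-text value; test as query input too")
        findings[name] = notes
    return tech, findings


# Assumed server-side allow-list for the hardened variant below.
ALLOWED_ORDER_COLUMNS = {"name", "startDate", "endDate"}


def make_db():
    """Constructed in-memory table standing in for the calendar back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE calendar(name TEXT, startDate TEXT, "
               "endDate TEXT, isExpired INTEGER)")
    db.executemany("INSERT INTO calendar VALUES (?, ?, ?, ?)", [
        ("new applicants", "2006-09-22", "2007-03-22", 0),
        ("board meeting", "2006-10-01", "2006-10-01", 0),
        ("old review", "2005-01-01", "2005-02-01", 1),
    ])
    return db


def search_vulnerable(db, order_by):
    """Concatenates OrderBy into the query: the pattern the text warns about."""
    sql = "SELECT name FROM calendar WHERE isExpired = 0 ORDER BY " + order_by
    return [row[0] for row in db.execute(sql)]


def search_hardened(db, order_by):
    """Same query, but the column name must come from a fixed allow-list."""
    if order_by not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unexpected OrderBy value: %r" % order_by)
    sql = "SELECT name FROM calendar WHERE isExpired = 0 ORDER BY " + order_by
    return [row[0] for row in db.execute(sql)]


if __name__ == "__main__":
    tech, findings = dissect(URL)
    print("technology:", tech)
    for param, notes in findings.items():
        print(" ", param, "->", "; ".join(notes))

    db = make_db()
    # A conditional ORDER BY flips the sort order depending on a boolean,
    # which is how a tester confirms that input reaches the clause.
    for probe in ("name",
                  "CASE WHEN 1=1 THEN name ELSE startDate END",
                  "CASE WHEN 1=2 THEN name ELSE startDate END"):
        print("vulnerable", probe, "->", search_vulnerable(db, probe))
        try:
            print("hardened  ", probe, "->", search_hardened(db, probe))
        except ValueError as err:
            print("hardened  ", probe, "-> rejected:", err)
```

Run without arguments; the vulnerable variant returns the rows in a different order for the true and false probes, while the hardened variant accepts only the three column names and rejects everything else.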
