The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

■■

Use of brute force combined with human inference and intuition to dis-

cover as much hidden content as possible.

■■

An intelligent analysis of the application, to identify its key functional-

ity, behavior, security mechanisms, and technologies.

■■

An assessment of the application’s attack surface, highlighting the most

promising functions and behavior for more focused probing into

exploitable vulnerabilities.

Questions

Answers can be found at 

www.wiley.com/go/webhacker

.

1. While mapping an application, you encounter the following URL:

https://wahh-app.com/CookieAuth.dll?GetLogon?curl=

Z2Fdefault.aspx

What information can you deduce about the technologies employed on

the server, and how it is likely to behave?

2. The application you are targeting implements web forum functionality.

The only URL you have discovered is:

http://wahh-app.com/forums/ucp.php?mode=register

How might you obtain a listing of forum members?

3. While mapping an application, you encounter the following URL:

https://wahh-app.com/public/profile/Address.asp?action=

view&location=default

What information can you infer about server-side technologies? What

can you conjecture about other content and functionality that may

exist?

4. A web server’s responses include the following header:

Server: Apache-Coyote/1.1

What does this indicate about the technologies in use on the server?

5. You are mapping two different web applications, and you request the

URL 

/admin.cpf

from each application. The response headers returned

Download 5,76 Mb.

Do'stlaringiz bilan baham: