given the multitude of intercepting proxy tools that are freely available, any
amateur hacker who targets an application can change all request data with
trivial ease. It is rather like supposing that when the teacher comes to search
your desk, it is safer to hide your water pistol in the bottom drawer, because
she will need to bend down further to discover it.
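As an added illustration of the point above (this is not code from the original text), the following Python compares a handler that trusts a hidden price field travelling via the client with one that treats every client-supplied item only as a reference into server-side state. The catalogue, item identifiers, field names and the two request dictionaries are all constructed for the example.

```python
"""Added example: handling data that is transmitted via the client.

Constructed illustration (not from the original text): an order handler that
trusts a hidden 'price' form field versus one that resolves the price from a
server-side catalogue. Catalogue, item ids and request dicts are made up.
"""
from decimal import Decimal

# Constructed server-side catalogue: the only trustworthy source of prices.
CATALOGUE = {
    "item-100": Decimal("49.99"),
    "item-200": Decimal("199.00"),
}


class InvalidRequest(ValueError):
    """Raised when client-supplied data fails server-side validation."""


def vulnerable_total(form: dict) -> Decimal:
    """Trusts the hidden 'price' field that the page placed in the form.

    Anything that travels via the client can be edited in an intercepting
    proxy before it reaches the server, so this value is attacker-controlled;
    hiding it in a form field rather than a visible input changes nothing.
    """
    qty = int(form["quantity"])
    return Decimal(form["price"]) * qty


def hardened_total(form: dict) -> Decimal:
    """Uses client data only as a lookup key; trust decisions stay server-side."""
    item_id = form.get("item_id")
    if item_id not in CATALOGUE:
        raise InvalidRequest("unknown item")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        raise InvalidRequest("quantity must be an integer") from None
    if not 1 <= qty <= 100:
        raise InvalidRequest("quantity out of range")
    # Any 'price' the client sent is ignored; the total is recomputed from
    # server-side state, so tampering with the hidden field has no effect.
    return CATALOGUE[item_id] * qty


# Constructed requests: the form as the page rendered it, and the same
# request with the hidden field altered in transit.
AS_RENDERED = {"item_id": "item-100", "quantity": "2", "price": "49.99"}
TAMPERED = {"item_id": "item-100", "quantity": "2", "price": "0.01"}

if __name__ == "__main__":
    print("vulnerable handler, tampered request:", vulnerable_total(TAMPERED))
    print("hardened handler, tampered request:  ", hardened_total(TAMPERED))
```

The hardened version also rejects unknown items and out-of-range quantities with an explicit error rather than silently continuing, which is what a server should do whenever client-side data fails to match what it itself emitted.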
HACK STEPS

■ Locate all instances within the application where hidden form fields, cookies, and URL parameters are apparently being used to transmit data via the client.

■ Attempt to determine or guess the purpose that the item plays in the application's logic, based on the context in which it appears and on clues such as the parameter's name.

■ Modify the item's value in ways that are relevant to its purpose in the