The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

Pdf ko'rish

bet	197/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 193 194 195 196 197 198 199 200 ... 875

Bog'liq
3794 1008 4334

110

Chapter 5

■

Bypassing Client-Side Controls

70779c05.qxd:WileyRed 9/16/07 5:14 PM Page 110

HACK STEPS

■

Look for disabled elements within each form of the application. When-

ever one is found, try submitting it to the server along with the form’s

other parameters, to determine whether it has any effect.

■

Often, submit elements are flagged as disabled so that buttons appear as

grayed out in contexts when the relevant action is not available. You

should always try to submit the names of these elements, to determine

whether the application performs a server-side check before attempting

to carry out the requested action.

■

Note that browsers do not include disabled form elements when forms

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 193 194 195 196 197 198 199 200 ... 875