When a breakpoint is hit, review the call stack to identify any relevant
data being passed to the function — in particular, any user-supplied data
that is being subjected to validation. By tracing the path of this data,
attempt to understand the processing being performed on it.
■ It is often easy to use a debugger to subvert the execution path of a
process in useful ways — for example, by modifying the parameters on
the stack being passed as inputs to a function, modifying the EAX register
used to pass the return value back from a function, or rewriting key
instructions like comparisons and jumps to change the logic implemented
within a function. If possible, use these techniques to circumvent
validation controls, causing potentially malicious data to be accepted for