further processing.
■ If data validation is performed before further manipulation such as
encryption or obfuscation, you can exploit this separation by supplying
valid data to the control and then intercepting and modifying the data
after it has passed the validation steps, so that your potentially
malicious data is appropriately manipulated before being transmitted to
the server-side application.
■ If you find a means of manually altering the control’s processing to
defeat the validation it is performing, you can automate the execution of
this attack either by modifying the control’s binary on-disk (OllyDbg has
a facility to update binaries to reflect changes you have made to its code
within the debugger) or by hooking into the target process at runtime,
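
The defensive counterpart to the first point above, as an added example that is not from the original text: the server decodes the submitted field and validates the plaintext itself, so a correctly encoded value that never passed the control's checks is still rejected. The XOR/base64 scheme, the key, the quantity rule and all function names are constructed assumptions.

```python
import base64
import re

# Constructed stand-in for the control's obfuscation step. Any transform the
# client can perform can be reproduced by whoever holds the client, so a
# well-formed encoding proves nothing about the value inside it.
_KEY = b"constructed-demo-key"


def _xor(data: bytes) -> bytes:
    return bytes(b ^ _KEY[i % len(_KEY)] for i, b in enumerate(data))


def client_encode(value: str) -> str:
    """What the control emits AFTER its own validation has already run."""
    return base64.b64encode(_xor(value.encode("utf-8"))).decode("ascii")


# Server-side rule, applied to the decoded plaintext: integer from 1 to 99.
_QUANTITY_RE = re.compile(r"[1-9][0-9]?")


def server_accept_quantity(wire_value: str) -> int:
    """Decode the submitted field, then validate the plaintext on the server.

    Raises ValueError for anything malformed or outside the rule.
    """
    try:
        raw = base64.b64decode(wire_value, validate=True)
        text = _xor(raw).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed field") from exc
    if not _QUANTITY_RE.fullmatch(text):
        raise ValueError("quantity failed server-side validation")
    return int(text)


def is_accepted(wire_value: str) -> bool:
    try:
        server_accept_quantity(wire_value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate value, two correctly encoded values
    # that skipped the client check, and one that is not valid base64.
    for wire in (client_encode("5"), client_encode("-1"),
                 client_encode("100"), "!!!"):
        print(repr(wire), "->", "accepted" if is_accepted(wire) else "rejected")
```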