■ Even if the information stored in a cookie for re-identifying users is
suitably protected (e.g., encrypted) to prevent other users from
determining or guessing it, the information may still be vulnerable to
capture through a bug such as cross-site scripting (see Chapter 12).
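A defensive check for the capture risk described above, added here as an example and not taken from the book: it lists the persistent cookies a "remember me" login sets and flags any that script can read (no HttpOnly) or that are also sent over plain HTTP (no Secure). The cookie names and header values are constructed samples.

```python
# Added example: audit the Set-Cookie headers returned by a "remember me" login.
# SAMPLE_HEADERS is constructed for illustration, not captured from a real site.
SAMPLE_HEADERS = [
    "SESSIONID=8f3a1c; Path=/; HttpOnly; Secure",
    "RememberUser=alice; Max-Age=2592000; Path=/",
    "RememberToken=Zx91kQ0v; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/; Secure",
    "OldToken=; Max-Age=0; Path=/",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def is_persistent(attrs):
    """True if the cookie survives a browser restart. Expires dates are not evaluated."""
    max_age = attrs.get("max-age", "")
    if max_age.lstrip("-").isdigit():  # a valid Max-Age takes precedence over Expires
        return int(max_age) > 0  # zero or negative deletes the cookie
    return "expires" in attrs


def audit_persistent_cookies(headers):
    """Return one finding per persistent cookie, with its missing protections."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if not is_persistent(attrs):
            continue  # session cookie or deletion: not stored long term
        issues = []
        if "httponly" not in attrs:
            issues.append("no HttpOnly: script can read it, so XSS can capture it")
        if "secure" not in attrs:
            issues.append("no Secure: also sent over unencrypted HTTP")
        findings.append({"name": name, "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_persistent_cookies(SAMPLE_HEADERS):
        print(finding["name"], finding["issues"] or ["ok"])
```

The audit shows which cookies persist and how they are protected; which of them actually re-authenticates the user still has to be established by revisiting the application.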
HACK STEPS
■ Activate any “remember me” functionality, and determine whether the
functionality indeed does fully “remember” the user or whether it only
remembers their username and still requires them to enter a password
on subsequent visits. If the latter is the case, the functionality is much
less likely to expose any security flaw.