NOTE
When an application handles a request containing a structured token,
it may not actually process every component within the token or all of the data
contained within each component. In the previous example, the application
may Base64-decode the token and then process only the “user” and “date”
components. In cases where a token contains a blob of binary data, much of
this data may be padding, and only a small part of it may actually be relevant
to the validation that the server performs on the token. Narrowing down the
subparts of a token that are actually required can considerably reduce the
amount of apparent entropy and complexity that the token contains.
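The following is an added example, not code from the book, of how to narrow a token down to the components the server really checks. It treats the application as a yes/no oracle (does it accept the resubmitted token?), alters one component at a time, and records which alterations are rejected. The server-side checks (`server_accepts`, `binary_server_accepts`) and the sample tokens are constructed stand-ins for a real application and are assumptions of the example; in practice the oracle would be an HTTP request whose response distinguishes a valid session from an invalid one.

```python
import base64
from typing import Callable, Dict, List

# --- Constructed stand-ins for the target application (assumptions) ---------

SECRET_USER = "daf"
SECRET_DATE = "10/09/07"


def server_accepts(token: str) -> bool:
    """Stand-in for the application's token check. It Base64-decodes the
    token and compares only the 'user' and 'date' components; the 'app'
    component is parsed but never examined."""
    try:
        raw = base64.b64decode(token, validate=True).decode("ascii")
    except Exception:
        return False
    fields = dict(p.split("=", 1) for p in raw.split(";") if "=" in p)
    return fields.get("user") == SECRET_USER and fields.get("date") == SECRET_DATE


# A 16-byte opaque token: 4-byte user id at offset 0, 2-byte counter at
# offset 8, everything else padding (constructed sample data).
BINARY_TOKEN = bytes.fromhex("000004d2" "00000000" "1a2b" "000000000000")


def binary_server_accepts(blob: bytes) -> bool:
    """Stand-in for a server that validates only two fields of the blob."""
    return (len(blob) == 16
            and blob[0:4] == b"\x00\x00\x04\xd2"
            and blob[8:10] == b"\x1a\x2b")


# --- Token helpers ----------------------------------------------------------

def make_token(fields: Dict[str, str]) -> str:
    """Serialize 'k=v;k=v' and Base64-encode, as the sample scheme does."""
    raw = ";".join(f"{k}={v}" for k, v in fields.items())
    return base64.b64encode(raw.encode("ascii")).decode("ascii")


def parse_token(token: str) -> Dict[str, str]:
    """Base64-decode and split the token into its named components."""
    raw = base64.b64decode(token).decode("ascii")
    return dict(p.split("=", 1) for p in raw.split(";") if "=" in p)


# --- Narrowing down the components that matter ------------------------------

def validated_components(token: str, oracle: Callable[[str], bool]) -> List[str]:
    """Return the names of the components the server actually validates.
    Each component is altered in turn and the rebuilt token resubmitted to
    the oracle; a component whose alteration is still accepted plays no
    part in validation and can be ignored when assessing entropy."""
    assert oracle(token), "baseline token must be accepted by the server"
    fields = parse_token(token)
    relevant = []
    for name in fields:
        mutated = dict(fields)
        mutated[name] = fields[name] + "x"   # any change to the value will do
        if not oracle(make_token(mutated)):
            relevant.append(name)
    return relevant


def validated_bytes(blob: bytes, oracle: Callable[[bytes], bool]) -> List[int]:
    """Same idea for an opaque binary token: flip one bit in each byte and
    record the offsets at which the change is rejected. Offsets that never
    affect acceptance are padding or unused data."""
    assert oracle(blob), "baseline blob must be accepted by the server"
    relevant = []
    for i in range(len(blob)):
        mutated = bytearray(blob)
        mutated[i] ^= 0x01
        if not oracle(bytes(mutated)):
            relevant.append(i)
    return relevant


SAMPLE_TOKEN = make_token({"user": "daf", "app": "admin", "date": "10/09/07"})

if __name__ == "__main__":
    print("structured token:", SAMPLE_TOKEN)
    print("components checked:", validated_components(SAMPLE_TOKEN, server_accepts))
    print("binary offsets checked:", validated_bytes(BINARY_TOKEN, binary_server_accepts))
```

Run against the constructed stand-ins, only `user` and `date` survive the component test and only offsets 0 to 3 and 8 to 9 survive the byte test, so the 16-byte blob has at most 6 bytes of material that an attacker would need to predict. When the oracle is a live application, watch for side effects of mutation (a mutated token that is parsed as a different user is "accepted" but means something else), and send a fresh baseline request between probes if the session can be invalidated by a bad guess.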
Chapter 7 ■ Attacking Session Management 181
HACK STEPS